Expert Advice Community

Risk Assessment

Guest
kapkoti Created:   Feb 10, 2017 Last commented:   Feb 11, 2017

What is the difference between qualitative and quantitative risk assessment? Please describe with an example.
0 0

Expert
Rhand Leal Feb 11, 2017
Qualitative risk assessment is based on perceptions and judgements to assess probabilities and impacts, does not make use of complex mathematical analysis, and its results make sense only in the context of the analysis, generally represented by scales like “low, medium and high” or “80 on a scale from 0 to 99” (e.g., high risk of data loss, or a risk of data loss of 80 on a scale from 0 to 99). 99% of the companies use qualitative assessment to perform quick assessments in simple situations or to help identify risks that require further analysis when they have many risks to work on.

On the other hand, quantitative risk assessment is based on heavy use of mathematics (e.g., statistical distribution) and simulation tools to assess probabilities and impacts, and its results make sense outside the context of the analysis, generally in terms of money and time impacts if a risk occurs in a specific period (e.g., a 30% chance of data loss results in a loss of 550k if the risk occurs in the next five years). Terms related to quantitative risk assessment are ROSI, SLE, ARO and ALE, which you can learn more about by watching this free webinar:

- ISO 27001 benefits: How to obtain management support https://advisera.com/27001academy/webinar/iso-27001-benefits-how-to-get-management-buy-in-free-webinar-on-demand/

These materials will also help you regarding qualitative risk assessment:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- The basics of risk assessment and treatment according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
0 0
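The contrast described in the answer above, as an added example that is not part of the original thread: the same data-loss risk rated on a judgement scale and then simulated in money terms. The 30% chance and the 550k loss are the answer's figures; the 3x3 scale, the 300k to 800k loss range, the triangular distribution and the single-occurrence simplification are assumptions made for the illustration.

```python
import random
import statistics

# Qualitative: judgement-based ordinal scale (this 3x3 scale is a constructed example).
LEVELS = {"low": 1, "medium": 2, "high": 3}

def qualitative_rating(likelihood: str, impact: str) -> str:
    """Combine two judgement calls into a low/medium/high label."""
    score = LEVELS[likelihood] * LEVELS[impact]
    if score <= 2:
        return "low"
    return "medium" if score <= 4 else "high"

def quantitative_assessment(p_occurs=0.30, loss_min=300_000, loss_mode=550_000,
                            loss_max=800_000, years=5, trials=100_000, seed=1):
    """Monte Carlo over the period: the result is probability and money, not a label.

    p_occurs and loss_mode are the answer's figures; loss_min and loss_max are assumed.
    Simplification: the risk materialises at most once in the period.
    """
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    losses = []
    for _ in range(trials):
        if rng.random() < p_occurs:
            # Impact is uncertain too, so draw it from a distribution.
            losses.append(rng.triangular(loss_min, loss_max, loss_mode))
        else:
            losses.append(0.0)
    losses.sort()
    expected = statistics.fmean(losses)
    return {
        "p_loss": sum(1 for x in losses if x > 0) / trials,
        "expected_loss": expected,
        "expected_loss_per_year": expected / years,
        "p95_loss": losses[int(0.95 * trials)],  # loss exceeded in only 5% of trials
    }

if __name__ == "__main__":
    print("qualitative :", qualitative_rating("medium", "high"))
    for name, value in quantitative_assessment().items():
        print(f"quantitative: {name} = {value:,.2f}")
```

The qualitative label only means something relative to the scale that produced it, while the simulated expected and 95th-percentile losses can be compared directly against the cost of a control.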
