and prioritise threats.
Advantages of Qualitative Risk Assessment Technique:
Ease of calculation: compared with the quantitative technique, performing calculations using a qualitative technique is relatively simple.
Monetary value of assets does not need to be determined: to perform a qualitative risk assessment, IT managers don't need to come up with a monetary value for the assets identified during the initial asset identification phase.
It is not necessary to quantify threat frequency: because this technique does not require complex calculations, IT managers do not have to quantify the number of times a certain threat is likely to
It is easier to involve non-security and non-technical staff: though it is important to select as risk assessment team members, this technique does not require that selected team members consist solely of technical members.
Flexibility in process and reporting
Drawbacks of Qualitative Risk Assessment Techniques
Below is a discussion of the drawbacks of qualitative risk assessment techniques.
Qualitative techniques are subjective in nature, i.e. rather than relying on 'statistical data or evidence' for their results, they depend on the quality of the risk management team that created them. The cost-benefit analysis technique, which assists in justifying the need for investing in controls, is not used in qualitative risk assessment. Qualitative risk assessment also does not differentiate sufficiently between important risks.
Attributes of Qualitative Risk Assessments:
Qualitative risk assessment techniques offer a relatively faster process when compared with quantitative techniques. Their emphasis is on descriptions as opposed to statistical data; as such, team members need not be overly technical to take part in a qualitative analysis process.
In addition, values from a qualitative risk assessment are not actual values. In other words, they are perceived values. Finally, its findings are simple and expressed in relative terms understandable by non-technical people, and therefore require little or no training before the results can be understood.
Qualitative Risk Assessment Tools / Techniques:
A number of tools are available for carrying out qualitative risk assessment; a few of them are discussed below:
Probability and impact matrix: the probability and impact matrix illustrates a risk rating assignment for identified risks. Each risk is rated on its probability of occurrence and impact upon objective.
Risk probability and impact assessment: using this tool involves the risk analysis team rating the project's risks and opportunities.
Ishikawa (Fishbone cause and effect diagrams): the cause and effect diagram can be used to explore all the possible or actual causes (or inputs) that result in a single effect (or output). This tool can be used for identifying areas where there may be problems and to examine causes of risks.
Failure Mode and Effect Analysis (FMEA): the FMEA method starts by considering the risk events and then proceeds to predict all their possible effects in a chart form.
Quantitative Risk Assessment
IT security managers, as decision makers, are susceptible to biased perception. As such, they require a means of accurately determining risks such that potential risk factors are not ove