英语论文网

rlooked this hence the need for quantitative risk assessments.

Quantitative risk analysis generally follows on from the qualitative risk analysis process. It aims to numerically analyse the probability of each risk and its consequence on the project objectives as well as the extent of overall project risk.

Quantitative Risk Assessment Techniques
In quantitative risk analysis processing, techniques such as 'Monte Carlo'[] and 'Bayesian' simulations can be employed because they provide indispensible tools to the risk assessment team.

These tools assist the team in determining the probability of achieving a specific project objective. They are equally used to quantify the risk exposure for the project and determine the size of cost and schedule contingency reserves that may be needed. Additionally, they identify the risks which require the most attention by quantifying their relative contributions to project risk.

Advantages of Quantitative Risk Assessment
Using quantitative assessments IT managers are able to present the results of risk assessment in a straight forward manner to support the accounting based presentation of senior managers. []

As results are statistical in nature, it aids in determining whether an expensive safeguard is worth purchasing or not. The process requires the risk assessment team to put great effort into assets value definition and mitigation as a result; its results are based substantially on independently objective processes and metrics.

Finally, carrying out a quantitative risk analysis is fairly simple and can easily follow a template type approach.

Drawbacks of Quantitative Risk Assessment
Calculations involved in quantitative risk assessments are complex and time consuming. Its results are presented in monetary terms only and as such, may be difficult for non-technical people to interpret. The process requires expertise so participants cannot be easily coached through it. Impact values assigned to risks are based on opinions of participants.[]

Attributes of Quantitative risk assessment
Accuracy of results from quantitative risk assessment tends to increase over time as the organisation builds historic record of data while gaining experience. Results generated from a quantitative assessment are financial in nature, making quantitative techniques useful for cost benefit analysis.

Quantitative Risk Assessment Tools
Decision Trees Analysis: the decision tree is a useful tool for choosing an option from alternatives. It is used to explore different options and the outcome of selecting a specific option.

Sensitivity Analysis: This technique is used to determine the risks which are likely to have the highest impact on the project. In sensitivity analysis, the effect of each risk is examined while keeping all other uncertain elements at baseline values.[]

Striking a Balance
As already highlighted above, both approaches to risk management have their advantages and disadvantages. Certain situations may call for organisations to adopt the quantitative approach. Conversely, smaller organisations with limited resources will probably find the qualitative approach better fitting.

Furthermore, in selecting a risk analysis technique, IT security managers should select a technique that best reflects the nee