Qualitative/quantitative risk analysis

There are two different approaches to risk management: qualitative and quantitative risk assessments. Let us look at both of them:

  • Qualitative risk analysis: Qualitative risk analysis evaluates a risk as high, medium, or low.
  • Quantitative risk analysis: Quantitative risk analysis takes the risks rated high in the qualitative analysis and gives them a number value so that a cost can be associated with each risk.

In this example, we are going to grade a risk and its probability from 1 to 9, with 1 being low and 9 being high. If we look at the impact of losing a mail server, the qualitative risk analysis would say that it is high, but the probability of losing it would be low: ...
