CHAPTER 5

Defining Risk Assessment Approaches

A risk assessment is performed to identify the most serious risks. Risk management techniques include avoiding, sharing or transferring, mitigating, or accepting a risk. The risk assessment allows you to prioritize the risks: you manage the high-priority risks and accept the low-priority risks. The risk assessment also helps you identify the best methods to control the risks, which helps ensure that the controls you purchase provide the best benefits.

There are two primary methods used to create a risk assessment: quantitative and qualitative. You can use a quantitative method with predefined formulas. For example, you can calculate annual loss expectancy (ALE) by multiplying annual rate of occurrence (ARO) times ...

Get Managing Risk in Information Systems, 2nd Edition now with the O’Reilly learning platform.
