Types of Risk Assessments

When considering a risk assessment, you must first identify which method to use. The two primary methods used in the IT field are:

  • Quantitative—The quantitative method is objective. It uses numbers, such as actual dollar values. A quantitative risk assessment requires a significant amount of data. Gathering this data often takes time. If the data is available, this type of risk assessment becomes a simple math problem with the use of formulas.
  • Qualitative—The qualitative method is subjective. It uses relative values based on opinions from experts. Experts provide their input on the probability and impact of a risk. A qualitative risk assessment uses words, such as low, medium, and high, instead of numbers. It can ...
