From the course: ISACA Certified Information System Manager (CISM) Cert Prep

Risk assessment and analysis

- [Instructor] And risk assessment is all about figuring out a value for the risk. What do we stand to lose? Because I can't appropriately choose a mitigation strategy until I understand the value of the risk. So, in risk assessment, we can look at both qualitative and quantitative analysis. Both of them are concerned with getting a value. It's just that a qualitative analysis is more subjective in nature, and a quantitative analysis is more fact-based, more objective. Again, now we're focused on value. Now, that value can come in two different flavors. Qualitative analysis. This is usually our starting point. And you're doing qualitative analysis when you're using words like low, medium, high. How much of a chance is there it's going to rain this weekend? There's medium chance. That's a qualitative analysis. And the thing about a qualitative analysis is it doesn't require research. It really is more based on gut feeling, it's based on experience, which is one of the reasons that it's…
