- Qualitative Risk Analysis – How likely is it to happen and how bad is it if it happens? This is vague, guessing, a feeling and relatively quick to do. Most often done to know where to focus the Quantitative Risk Analysis.
- Qualitative Risk Analysis with the Risk Analysis Matrix.
- Pick an asset: A laptop.
- How likely is one to get stolen or left somewhere?
I would think Possible or Likely. - How bad is it if it happens?
That really depends on a couple of things: - Is it encrypted?
- Does it contain Classified or PII/PHI content?
- Let’s say it is Likely and a Minor issue, that puts the loss the High Risk category.
- It is normal to move High and Extreme on to Quantitative risk analysis. If mitigation is implemented, we can maybe move the risk level to “Low” or “Medium”.
- Qualitative Risk Analysis with the Risk Analysis Matrix.
IT & Cyber Security trainer
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.
