CISSP certification: Qualitative Risk Analysis.

  • Qualitative Risk Analysis – How likely is it to happen, and how bad is it if it happens? It is vague, based on guesswork and feeling, and relatively quick to do. It is most often done to know where to focus the Quantitative Risk Analysis.
    • Qualitative Risk Analysis with the Risk Analysis Matrix.
      • Pick an asset: A laptop.
      • How likely is one to get stolen or left somewhere?
        I would think Possible or Likely.
      • How bad is it if it happens?
        That really depends on a couple of things:
          • Is it encrypted?
          • Does it contain Classified or PII/PHI content?
      • Let’s say it is Likely and a Minor issue; that puts the loss in the High Risk category.
      • It is normal to move High and Extreme risks on to Quantitative Risk Analysis. If mitigation is implemented, we may be able to move the risk level to “Low” or “Medium”.

IT & Cyber Security trainer
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et al.
