CISSP certification: Qualitative Risk Analysis.

  • Qualitative Risk Analysis – How likely is it to happen and how bad is it if it happens? This is vague, guessing, a feeling and relatively quick to do. Most often done to know where to focus the Quantitative Risk Analysis.
    • Qualitative Risk Analysis with the Risk Analysis Matrix.
      • Pick an asset: A laptop.
      • How likely is one to get stolen or left somewhere?
        I would think Possible or Likely.
      • How bad is it if it happens?
        That really depends on a couple of things:
      • Is it encrypted?
      • Does it contain Classified or PII/PHI content?
      • Let’s say it is Likely and a Minor issue, that puts the loss the High Risk category.
      • It is normal to move High and Extreme on to Quantitative risk analysis. If mitigation is implemented, we can maybe move the risk level to “Low” or “Medium”.

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

You may also like

Leave a Reply