CISSP certification: Qualitative Risk Analysis.

Post author:Thor Pedersen
Post published:September 6, 2017
Post category:CISSP Certification / CISSP, CISM, CISA, and PMP BLOG / IT security / Updates

Qualitative Risk Analysis – How likely is it to happen and how bad is it if it happens? This is vague, guessing, a feeling and relatively quick to do. Most often done to know where to focus the Quantitative Risk Analysis.
- Qualitative Risk Analysis with the Risk Analysis Matrix.
  - Pick an asset: A laptop.
  - How likely is one to get stolen or left somewhere?
    I would think Possible or Likely.
  - How bad is it if it happens?
    That really depends on a couple of things:
  - Is it encrypted?
  - Does it contain Classified or PII/PHI content?
  - Let’s say it is Likely and a Minor issue, that puts the loss the High Risk category.
  - It is normal to move High and Extreme on to Quantitative risk analysis. If mitigation is implemented, we can maybe move the risk level to “Low” or “Medium”.

Tags: (ISC)², CISSP, CISSP CBK, CISSP Certification, CISSP class, CISSP domains, CISSP Practice questions, CISSP Salary, CISSP study, CISSP training

Thor Pedersen

IT, information security, and project management trainer Best selling CISSP. CISM, and PMP instructor on Udemy. CISSP, CISM, C|EH, CDPSE, PMP, 2x CCNP, CompTIA Security+, SCP, 3x CCNA, et. Al.

CISSP certification: Qualitative Risk Analysis.

Thor Pedersen

You Might Also Like

CISSP Tips and Tricks | How to use practice questions, deconstruct them, and time management – Part 2

Throwback Sunday – my first computer was a C64 0_o

Thor’s 2,500-word FREE glossary is LIVE!