Best Practices for Quantitative and Qualitative Risk Assessment

Many organizations prefer to do a quantitative risk assessment because it expresses risk in terms of financial impact, so that a return on investment (ROI) or cost-benefit analysis and justification can be presented to management. Many organizations also use the quantitative risk assessment to help create budgets for information security controls and security countermeasures. As these controls and countermeasures are implemented, the overall risk is mitigated to the organization’s minimum acceptable level of risk. Quantitative risk assessments require accurate IT asset inventories, accurate IT asset valuations, and a consistent method for defining exposure factors for known threats.
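The following sketch is an added example, not code from the book: it turns asset valuations and exposure factors into an annualized loss figure and a per-control cost-benefit ranking within a budget. The annualized rate of occurrence (ARO), the asset names, and all dollar figures are assumptions constructed for illustration, and each control is assumed to treat exactly one asset.

```python
from dataclasses import dataclass

@dataclass
class Risk:
    asset: str
    asset_value: float      # from the IT asset valuation
    threat: str
    exposure_factor: float  # fraction of asset value lost per incident
    aro: float              # assumed expected incidents per year

    def ale(self, ef=None, aro=None):
        """Annualized loss: (value * exposure factor) * ARO, optionally post-control."""
        ef = self.exposure_factor if ef is None else ef
        aro = self.aro if aro is None else aro
        return round(self.asset_value * ef * aro, 2)

@dataclass
class Control:
    name: str
    annual_cost: float
    asset: str        # asset whose risk this control treats
    ef_after: float   # exposure factor once the control is in place
    aro_after: float  # occurrence rate once the control is in place

def evaluate(risk, control):
    """Return (residual annual loss, net annual benefit, ROI) for one control."""
    residual = risk.ale(control.ef_after, control.aro_after)
    net = round(risk.ale() - residual - control.annual_cost, 2)
    return residual, net, net / control.annual_cost

def plan(risks, controls, budget):
    """Fund controls with positive net benefit, best ROI first, within budget."""
    by_asset = {r.asset: r for r in risks}
    residual = {r.asset: r.ale() for r in risks}
    ranked = sorted(controls, key=lambda c: evaluate(by_asset[c.asset], c)[2], reverse=True)
    funded = []
    for c in ranked:
        after, net, _ = evaluate(by_asset[c.asset], c)
        if net > 0 and c.annual_cost <= budget:
            budget -= c.annual_cost
            funded.append(c.name)
            residual[c.asset] = after
    return funded, round(sum(residual.values()), 2)

# Constructed sample inventory and candidate controls (illustrative figures only)
RISKS = [Risk("customer DB", 500_000, "ransomware", 0.40, 0.5),
         Risk("web server", 80_000, "DDoS outage", 0.25, 2.0),
         Risk("laptop fleet", 120_000, "theft", 0.10, 3.0)]
CONTROLS = [Control("offline backups", 15_000, "customer DB", 0.10, 0.5),
            Control("DDoS scrubbing", 30_000, "web server", 0.25, 0.5),
            Control("disk encryption", 6_000, "laptop fleet", 0.02, 3.0)]
```

The total residual figure returned by `plan` is what would be compared against the organization's minimum acceptable level of risk; a control whose cost equals or exceeds the loss it removes is left unfunded.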
