1.1. Task 1.1: Performing an Initial Risk Assessment

Risk assessment can be performed using one of two methods: qualitative or quantitative. Qualitative assessment does not attempt to assign dollar values to the components of the risk analysis. Instead, it ranks the seriousness of threats and the sensitivity of assets into grades or classes, such as low, medium, or high.

Quantitative assessment deals with numbers and dollar amounts. It attempts to assign a cost (monetary value) to the elements of risk assessment and to the assets and threats of a risk analysis. The quantitative assessment process involves these three steps:

  1. Estimate potential losses—Single Loss Expectancy (SLE) = Asset Value × Exposure Factor.

  2. Conduct a threat analysis—The goal here is to estimate ...

Get Security Administrator Street Smarts: A Real World Guide to CompTIA Security+™ Skills, Second Edition now with the O’Reilly learning platform.
