A security analyst at a financial institution is tasked with conducting a risk analysis. The analyst needs to prioritize risks to present to the executive board, which prefers an overview based on the general magnitude of impact rather than precise numerical values. Which approach should the analyst use to assess and present the risk levels?
Annualized Rate of Occurrence Analysis
Qualitative Risk Analysis
Disaster Recovery Strategy
Quantitative Risk Analysis