A security analyst at a financial institution is tasked with conducting a risk analysis. The analyst needs to prioritize risks to present to the executive board, which prefers an overview based on the general magnitude of impact rather than precise numerical values. Which approach should the analyst use to assess and present the risk levels?
The correct answer is 'Qualitative Risk Analysis.' Qualitative risk analysis evaluates and prioritizes risks using subjective measures, such as low, medium, and high, to describe the impact and likelihood of potential threats. This approach is useful for presenting an overview to stakeholders who prefer general magnitudes over detailed statistics. The incorrect answers either involve specific numerical values or do not align with the described scenario. 'Quantitative Risk Analysis' uses numerical values to quantify risk and is more complex and detailed than necessary for providing a general overview. 'Annualized Rate of Occurrence Analysis' focuses on the frequency of an event occurring over a year, which is more specific than the scenario at hand calls for. 'Disaster Recovery Strategy' is a plan for resuming normal business operations after a disaster and is not a method for risk analysis.