Risk Identification
1. Risk management should be accomplished by a cross-functional team, including senior managers, technical staff, end users and affected parties.
2. Risk = Asset * Threat * Vulnerabilities
3. Risk modeling is based on asset or threat.
4. Create the risk register.
Risk Analysis
1. Determine a value for the risk. The risk value will justify the risk response.
2. Risk value is Probability * Impact
3. Qualitative
+ Subjective analysis to help prioritize probability and impact of risk events.
+ May use Delphi Technique.
4. Quantitative
+ Uses objective, empirical data, often seeking to provide a dollar value for a particular risk event.
+ Much more sophisticated in nature; a quantitative analysis is much more difficult and requires a special skill set.
+ Business decisions are made on a quantitative analysis.
+ Can't exist on its own. Quantitative analysis depends on qualitative information.