Information Security & Risk Management

1
 Table of Contents
Introduction......................................................................................................................................3

Discussion of comparison and contrast of two types of risk assessments: Quantitative and
Qualitative........................................................................................................................................3

Conclusion.......................................................................................................................................4

References........................................................................................................................................5

2
Introduction
Risk Assessment refers to the overall methodologies or procedure of determining the risk &
hazards factors that possess the potential to negatively influence an organisation (Stevenson,
2018). The micro & macro-environment of every organisation is dynamic in nature because of
the fluctuating market trends, changing customers behaviour & government regulations. Risk
assessment allows every organisation to identify the risk emerging from these changing
environment.
Critical components of risk assessment comprise identifying scope, identifying critical areas,
such as web servers, database server or internal firewall, & identifying team members of the
organisation. There are two types of risk assessments are Quantitative Risk assessment &
Qualitative risk assessment.

Discussion of comparison and contrast of two types of risk assessments: Quantitative and
Qualitative
Both quantitative & qualitative risk assessments are very effective methodologies of determining
the risk & hazards factors that possess the potential to negatively influence an organisation.
However, both the methodologies differ from one another. Quantitative Risk assessment is
concerned with calculating the absolute costs, losses & financial values whereas Qualitative risk
assessment is concerned with calculating the relative costs, losses & values of an organisation
(Jordan and Franklin, 2020). Quantitative analysis is objective in nature whereas qualitative
analysis is subjective. The quantitative analysis utilises numerical values like dollar or pounds
values, qualitative on the other hand is based on the opinions or perspective of the experts.
Quantitative risk analysis is reliably repeatable, unlike qualitative risk analysis. Quantity analysis
is also a very expensive methodology that can impose a burden on the financial resources of the
organisation. It also requires a significant amount of time to identify the emerging risks. On the
other hand, qualitative analysis is comparatively much quicker and inexpensive in nature & does
not exhaust the financial resources of the organisation. Quantity analysis also requires a
significant amount of historical data on the basis of which it assesses any emerging risks. The
qualitative analysis does not require any such data as it relies on the perspective or opinion of the
experts.

3
Qualitative risk analysis utilises word attributes such as high, medium & low and their data is
usually easy to obtain. Quantitative risk analysis uses numeric attributes such as pounds or dollar
& their data is not always easily obtain. Quantitative analysis is generally based on ALE, ARO &
SLE formulas whereas quantitative analysis is not based on any such formulas but relies on
expert’s opinions. Quantitative analysis shows clear savings or loss values of an organisation.
Qualitative analysis on the other hand clearly reflects the level of success of an organisation in
maintaining a specified standard or guidance or a predefined scale. Qualitative analysis also
requires a definition of a scale that will be utilised in the risk assessment, quantitative analyses
does not requires any such definitions. Furthermore, the data of quantitative analysis can be
effectively utilised in CBA, unlike the data generated from qualitative data analysis.

Conclusion
It can be concluded that risk assessment is an integral aspect of any organisation that is essential
to identify & eliminate any risk emerging from the fluctuating micro & macro environment of an
organisation. Risk assessment is generally performed before the introduction of new activities or
process in the organisation. In this discussion, the concept of Risk Assessment is elaborated &
the two type of risk assessment, i.e Quantitative & Qualitative risk assessment is compared.

4
References
Jordan, C. and Franklin, C. eds., 2020. Clinical assessment for social workers: Quantitative and
qualitative methods. Oxford University Press.
Stevenson, M., 2018. Assessing risk assessment in action. Minn. L. Rev., 103, p.303.