The risk that remains after the implementation of controls is called the residual risk. All systems will have residual risk because it is virtually impossible to completely eliminate risk to an IT system.
Security risk analysis has two main parts: quantitative risk analysis and qualitative risk analysis.
Quantitative Risk Analysis
Quantitative risk analysis applies numerical measures to risk. The value of each resource is expressed as an amount, the frequency of threat occurrence as a number of cases, and susceptibility as the probability of loss. The risk is given by the formula:
R = P * W and P = F * V
Where:
R = Risk value
P = Probability, or predicted number of incident occurrences causing loss of asset value in a defined period
W = Value of loss: the predicted medium loss of asset value resulting from a single incident occurrence
F = Frequency of threat occurrence
V = Susceptibility of the information system (or one of its elements) to a threat; it measures the probability that a given threat will make use of a specified susceptibility.
The most common method used for quantitative risk analysis is ALE (Annual Loss Expected). The formula is:
ALE = (Probability of Event) * (Value of losses)
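As an added example (not part of the original article), the formulas above can be applied to a small risk register in Python, ranking scenarios by R and computing the residual risk left after a control lowers V. The scenario names, figures, and the class and function names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Scenario:
    name: str
    frequency: float       # F: threat occurrences in the period (here: per year)
    susceptibility: float  # V: probability that an occurrence causes a loss
    loss: float            # W: predicted loss per single incident

    def __post_init__(self):
        # Reject inputs that would make the formulas meaningless.
        if self.frequency < 0 or self.loss < 0:
            raise ValueError(f"{self.name}: F and W must be non-negative")
        if not 0.0 <= self.susceptibility <= 1.0:
            raise ValueError(f"{self.name}: V is a probability, must be in [0, 1]")

    @property
    def probability(self) -> float:
        """P = F * V: predicted number of loss-causing incidents in the period."""
        return self.frequency * self.susceptibility

    @property
    def risk(self) -> float:
        """R = P * W; with a one-year period this matches the ALE formula."""
        return self.probability * self.loss

def with_control(s: Scenario, v_after: float) -> Scenario:
    """Same scenario after a control lowers susceptibility to v_after."""
    return Scenario(s.name, s.frequency, v_after, s.loss)

def rank(scenarios):
    """Order scenarios from highest to lowest risk value."""
    return sorted(scenarios, key=lambda s: s.risk, reverse=True)

# Constructed sample register (illustrative values, not real data).
REGISTER = [
    Scenario("phishing leading to mailbox compromise", 40, 0.05, 12_000),
    Scenario("ransomware on file server", 2, 0.25, 150_000),
    Scenario("laptop theft", 4, 0.5, 3_000),
]

if __name__ == "__main__":
    for s in rank(REGISTER):
        print(f"{s.name}: P={s.probability:.2f} R={s.risk:,.0f}")
    residual = with_control(REGISTER[1], 0.05)
    print(f"residual after control: {residual.risk:,.0f}")
```

The residual value stays above zero for any V greater than 0, which is the residual risk that remains after a control is implemented.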
Qualitative Risk Analysis
Qualitative risk analysis differs from quantitative risk analysis: it does not present risk in numerical values but in descriptions and recommendations. In the qualitative risk analysis model, risk assessment involves:
The determination of qualitative scales for the frequency of threat occurrence and the susceptibility to a given threat. It also deals with the qualitative description of asset values.
The description of scenarios by predicting the main risk factors.
Some of the most common examples of qualitative risk assessment models are FMEA / FMECA, the Microsoft Corporate Security Group Risk Management Framework, NIST SP 800-30 and CRAMM.
The main theme of FMEA / FMECA is the analysis of the impact of each potential defect on the functionality of the whole system; it also calculates the level of severity of the potential defects in the information system.