The risk that remains after the implementation of controls is called the residual risk. All systems will have residual risk because it is virtually impossible to completely eliminate risk to an IT system.
Security risk analysis has two main parts: quantitative risk analysis and qualitative risk analysis.
Quantitative Risk Analysis
Quantitative risk analysis is risk analysis performed with numerical measures. The values of the resources are defined as amounts, the frequency of threat occurrence is defined as a number of cases, and susceptibility is defined by the probability of loss. The quantitative risk is given by the formulas:
R = P * W and P = F * V
Where, R = Risk Value
P = Probability, or predicted number of incident occurrences causing loss of asset value in a defined period
W = Value of loss – predicted medium loss of asset value as a result of a single incident occurrence
F = Frequency of threat occurrence
V = Susceptibility of the information system (or its element) to a threat; it is the measure of the probability that a given threat uses a specified susceptibility.
The most common of all the methods used for quantitative risk analysis is ALE (Annual Loss Expected). The formula is:
ALE = (Probability of Event) * (Value of losses)
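The formulas above applied to a small risk register, as an added example that is not part of the original article: it computes P = F * V and R = P * W per scenario, ranks the scenarios, and recomputes the residual risk after a control. The scenarios and figures are constructed, the period is assumed to be one year (so R reads as an annual loss figure), and modelling a control as a fractional reduction of V is an assumption.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Scenario:
    name: str
    frequency: float       # F: threat occurrences expected per year
    susceptibility: float  # V: probability that one occurrence causes loss (0..1)
    loss: float            # W: loss of asset value per single incident

    def __post_init__(self):
        if self.frequency < 0 or self.loss < 0:
            raise ValueError("F and W must be non-negative")
        if not 0.0 <= self.susceptibility <= 1.0:
            raise ValueError("V is a probability and must lie in [0, 1]")

    def probability(self) -> float:
        """P = F * V: predicted number of loss-causing incidents per year."""
        return self.frequency * self.susceptibility

    def risk(self) -> float:
        """R = P * W: expected loss over the period."""
        return self.probability() * self.loss


def with_control(s: Scenario, v_reduction: float) -> Scenario:
    """Scenario after a control that cuts V by the given fraction (assumed model)."""
    if not 0.0 <= v_reduction <= 1.0:
        raise ValueError("reduction must lie in [0, 1]")
    return replace(s, susceptibility=s.susceptibility * (1.0 - v_reduction))


def rank(scenarios):
    """Highest risk first."""
    return sorted(scenarios, key=lambda s: s.risk(), reverse=True)


# Constructed sample register: (name, F per year, V, W)
REGISTER = [
    Scenario("phishing leads to mailbox compromise", 24, 0.05, 15_000),
    Scenario("ransomware on file server", 2, 0.10, 400_000),
    Scenario("laptop theft", 6, 0.50, 3_000),
]

if __name__ == "__main__":
    for s in rank(REGISTER):
        print(f"{s.name:40s} P={s.probability():.2f}  R={s.risk():>10,.0f}")
    # Residual risk: a control that removes 80% of ransomware susceptibility.
    treated = [with_control(s, 0.8) if s.name.startswith("ransomware") else s
               for s in REGISTER]
    for s in rank(treated):
        print(f"residual: {s.name:40s} R={s.risk():>10,.0f}")
```

The control lowers the ransomware scenario from the top of the ranking to second place but does not bring it to zero, which is the residual risk described at the start of the page.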
Qualitative Risk Analysis
Qualitative risk analysis differs from quantitative risk analysis: it does not present the risk in terms of numerical values but in terms of descriptions and recommendations. In the qualitative risk analysis model, risk assessment is connected with:
The determination of the qualitative scales for the frequency of the threat occurrence and the susceptibility for a given threat. It also deals with the qualitative description of the asset’s values.
The description of the scenarios by using the process of the prediction of the main risk factors.
Some of the most common examples of the qualitative risk assessment models are FMEA / FMECA, The Microsoft Corporate Security Group Risk Management Framework, NIST SP 800-30 and CRAMM.
The central theme of FMEA / FMECA is the analysis of the impact of each potential defect on the functionality of the whole system; it also calculates the level of severity of the potential defects in the information system.