Essay: Risk Management Explain the Difference

Pages: 2 (784 words)  ·  Bibliography Sources: 2  ·  Level: College Senior  ·  Topic: Business - Management

Risk Management

Explain the difference between a Quantitative and Qualitative Analysis and discuss how to calculate the following: expected loss, single loss expectancy, annualized loss expectancy and safeguard value.

Quantitative analysis is when you are looking at specific variables (i.e. mathematical formulas) to understand the overall nature of the threat or issues surrounding an IT protocol ("Quantitative Analysis," 2011). Qualitative analysis is when you are examining numerous formulas to comprehend the overall scope of the risks facing a particular system. Expected loss is calculated by taking the probability that a certain positive event will happen (usually in the form of a percentage) and adding it to specific negative situations that could occur. Single loss expectancy is calculated by taking the asset value and multiplying it by the exposure factor. To determine the annualized loss expectancy, you would multiply the single loss expectancy by the annual rate of occurrence. The safeguard value is determined by subtracting the annual loss expectancy rate before the incident from the annualized loss expectancy after an incident. You would then subtract these numbers from the annual safeguard costs (Landoll, 2006, p. 417).
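The loss-expectancy calculations described above, as an added worked example that is not part of the original essay. It uses the conventional form of safeguard value (ALE before the safeguard, minus ALE after it, minus the annual safeguard cost); the class and function names, the asset figures and the three candidate safeguards are constructed for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal as D   # exact arithmetic for currency values

@dataclass(frozen=True)
class Risk:
    asset_value: D       # AV, in currency units
    exposure_factor: D   # EF, fraction of AV lost in one incident (0..1)
    aro: D               # annual rate of occurrence (incidents per year)

    def __post_init__(self):
        if not 0 <= self.exposure_factor <= 1 or self.aro < 0:
            raise ValueError("EF must be in [0, 1] and ARO must be >= 0")

    def sle(self) -> D:
        """Single loss expectancy = AV x EF."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> D:
        """Annualized loss expectancy = SLE x ARO."""
        return self.sle() * self.aro

@dataclass(frozen=True)
class Safeguard:
    name: str
    annual_cost: D
    ef_after: D          # exposure factor once the safeguard is in place
    aro_after: D         # rate of occurrence once the safeguard is in place

def safeguard_value(risk: Risk, sg: Safeguard) -> D:
    """(ALE before safeguard) - (ALE after safeguard) - annual safeguard cost."""
    residual = Risk(risk.asset_value, sg.ef_after, sg.aro_after)
    return risk.ale() - residual.ale() - sg.annual_cost

def rank_safeguards(risk: Risk, candidates):
    """Return (value, name) pairs, best first; a negative value costs more than it saves."""
    return sorted(((safeguard_value(risk, s), s.name) for s in candidates), reverse=True)

# Constructed sample data: one asset, one threat, three candidate safeguards.
RISK = Risk(D("200000"), D("0.25"), D("0.5"))
CANDIDATES = [
    Safeguard("offsite backups", D("4000"), D("0.05"), D("0.5")),     # lowers EF
    Safeguard("patch management", D("6000"), D("0.25"), D("0.1")),    # lowers ARO
    Safeguard("hot standby site", D("30000"), D("0.05"), D("0.5")),   # lowers EF, high cost
]

if __name__ == "__main__":
    print("SLE:", RISK.sle(), "ALE:", RISK.ale())
    for value, name in rank_safeguards(RISK, CANDIDATES):
        print(f"{name}: {value}")
```

The hot standby site reduces the residual loss exactly as much as the backups do, but its annual cost exceeds the loss it avoids, so its safeguard value is negative.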

Describe the differences between the following risk assessment methods: FAA Security Risk Management Process, OCTAVE, FRAP, CRAMM, and NSA IAM.

The FAA Security Risk Management Process was designed to provide everyone with a workable solution for understanding the risks facing a particular protocol throughout the life cycle management procedure. It provides a qualitative method for the kinds of level formulas, descriptions and calculations. OCTAVE establishes a process for guidelines, timelines, checklists and the methodology description for a security assessment procedure. It includes a number of different phases, most notably asset-based threat profiles, infrastructure vulnerability identification and security strategy development. FRAP is when you are using the qualitative method to understand the nature of the threat in a three-step process over the course of ten days. CRAMM is a qualitative tool that examines the methodology, computations and reporting of various computation models. The NSA IAM is a risk assessment tool that assesses risks through pre-assessment procedures, an onsite visit and post-assessment analysis. This usually takes place with 2 to 3 people conducting the examination (Landoll, 2006, pp. 427-430).

If you could, which security reporting methodology would you recommend to promote an organizational security culture, in which stakeholders are more…


Cite This Essay:

APA Format

Risk Management Explain the Difference.  (2011, July 27).  Retrieved September 20, 2019, from
