Qualitative vs. Quantitative: Which Risk Analysis wins?

Written by Aron Lange


Join me as we walk through the requirements for defining and documenting a risk assessment process for ISO 27001 that actually works.

In this session, we cover:

  • The “Planning” vs. “Execution” Trap: Clarifying the difference between Clauses 6.1.2 and 8.2.

  • The 3 Pillars of Assessment: A detailed look at Risk Identification, Risk Analysis, and Risk Evaluation.

  • Risk Owners: Who they actually are (hint: it’s usually not the IT department).

  • Methodologies Explained:

    • Qualitative Analysis: How to use a Risk Matrix (Likelihood vs. Impact).

    • Quantitative Analysis: How to calculate Single Loss Expectancy (SLE) and Annualized Loss Expectancy (ALE).

  • Real-World Scenario: A practical example involving a Data Center in Hawaii and... a volcano. 🌋
