Qualitative vs. Quantitative: Which Risk Analysis wins?

Qualitative vs. Quantitative: Which Risk Analysis wins?

Written by

Aron Lange

Published

Join me as we walk through the requirements for defining and documenting a risk assessment process for ISO 27001 that actually works.

In this session, we cover:

  • The “Planning” vs. “Execution” Trap: Clarifying the difference between Clauses 6.1.2 and 8.2.

  • The 3 Pillars of Assessment: A detailed look at Risk Identification, Risk Analysis, and Risk Evaluation.

  • Risk Owners: Who they actually are (hint: it’s usually not the IT department).

  • Methodologies Explained:

    • Qualitative Analysis: How to use a Risk Matrix (Likelihood vs. Impact).

    • Quantitative Analysis: How to calculate Single Loss Expectancy (SLE) and Annualized Loss Expectancy (ALE).

  • Real-World Scenario: A practical example involving a Data Center in Hawaii and... a volcano. 🌋

NEWSLETTER

Be the GRC Practitioner
AI Can't Replace.

I agree that Lange Advisory GmbH may send me newsletters about updates, offers, and articles. I can unsubscribe anytime. For more details see our privacy policy.

NEWSLETTER

Be the GRC Practitioner
AI Can't Replace.

I agree that Lange Advisory GmbH may send me newsletters about updates, offers, and articles. I can unsubscribe anytime. For more details see our privacy policy.