Qualitative risk assessment uses which of the following terms for evaluating risk level?
Each correct answer represents a part of the solution. Choose two.
A.
Impact
B.
Annual rate of occurrence
C.
Probability
D.
Single loss expectancy
Explanation:
Unlike the quantitative risk assessment, qualitative risk assessment does not assign dollar values.
Rather, it determines risk’s level based on the probability and impact of a risk. These values are
determined by gathering the opinions of experts.
Probability- establishing the likelihood of occurrence and reoccurrence of specific risks,
independently, and combined. The risk occurs when a threat exploits vulnerability. Scaling is done
to define the probability that a risk will occur. The scale can be based on word values such as
Low, Medium, or High. Percentage can also be assigned to these words, like 10% to low and 90%
to high.
Impact- Impact is used to identify the magnitude of identified risks. The risk leads to some type of
loss. However, instead of quantifying the loss as a dollar value, an impact assessment could use
words such as Low, Medium, or High. Impact is expressed as a relative value. For example, low
could be 10, medium could be 50, and high could be 100.
Risk level= Probability*Impact
quantitative risk assessment. Formula is given as follows:
ALE= SLE*ARO