The Difference between Quantitative and Qualitative Risk Analysis and Why It Matters (Part 2)

Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Search

The Difference between Quantitative and Qualitative Risk Analysis and Why It Matters (Part 2)

Jeff Lowder writes the column Agile Security: Balancing Security with the Need for Agility

By Jeff Lowder posted in General • October 29, 2008 • 6:00am

Pages: 1 2 3 4 5

Numerical vs. Non-Numerical: Strengths and Weaknesses

	Numerical	Non-Numerical
Pros	Meaningful	None
	More useful as a business tool – results are expressed in management’s language (money)


Cons	How to quantify the intangibles?	Meaningless
	Expensive	False sense of confidence (“I don’t have to deal with potentially difficult mathematical problems”)

In the author’s opinion, a failure to appreciate the numerical nature of qualitative values has been the source of significant confusion and error in the literature on information security risk management. Here are three examples:

Popularity: 18%

Pages: 1 2 3 4 5

•Sphere: Related Content•

Popularity: 18%

•

Print

evidence, featured, interval scale, NIST, numerical, objective, qualitative, quantiative, risk, Risk Analysis, risk management, subjective Post a comment or leave a trackback: Trackback URL.

BlogInfoSec.com

Search

The Difference between Quantitative and Qualitative Risk Analysis and Why It Matters (Part 2)

Post a Comment

BlogInfoSec.com Sponsors

BlogInfoSec.com Partners

Qualified Writer?

Subscribe to Our Newsletter:

Authors

Categories

Translations

Recent Comments