Jeff Lowder

The Difference between Quantitative and Qualitative Risk Analysis and Why It Matters (Part 2)

Objective vs. Subjective Approaches: Strengths and Weaknesses

As we have seen, quantitative risk analyses can be subjective and qualitative risk analyses can be objective. The purpose of this slide is to summarize and discuss some of the advantages and disadvantages of both the objective and subjective approaches to risk analysis.

 

Objective

Subjective

Pros

  • More accurate
  • Evidence not needed

 

  • Risk management performance can be tracked objectively
  • Cheaper

 

  • Easier to prioritize risks
  • Faster

 

 

  • Easier
 

 

 

Cons

  • Requires evidence
  • Less accurate

 

  • Expensive
  • Less buy-in

 

  • Time-consuming
  • Difficulty in prioritizing risks

 

  • Lack of granular data regarding specific security threats
  • Difficulty in tracking risk management performance objectively

 

  • Cynical attitudes (“you can prove anything with statistics”)
  • Cynical attitudes (“this is all subjective”)

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*