In a quantitative risk assessment, what is the standard approach?

Prepare for the DSAC-11 Annex B Test. Study with our quiz featuring flashcards and multiple-choice questions, each question accompanied by hints and explanations. Get ready to excel!

Multiple Choice

In a quantitative risk assessment, what is the standard approach?

Explanation:
In quantitative risk assessment, probability and impact are quantified for each threat, then combined into a numeric risk score and compared against predefined thresholds to determine the order of mitigations. This lets you rank risks on a common scale, justify decisions with numbers, and adjust priorities as data or controls change. A common approach is to multiply probability by impact to get the risk score, with thresholds that translate those scores into concrete actions. Using numbers provides objective comparisons, supports tracking over time, and enables sensitivity analyses.

Relying solely on qualitative labels such as high/medium/low sacrifices precision and cross-domain comparability, making it harder to justify prioritization or observe trends. Counting incidents while ignoring likelihood overlooks how often an event might occur relative to its severity. Treating risk as a fixed constant ignores dynamic changes in threats and controls, leaving the assessment outdated as conditions evolve.