Qualitative risk assessment uses which of the following terms for evaluating risk level? Each correct answer represents a part of the solution.
Choose two.
Click on the arrows to vote for the correct answer
A. B. C. D.AC.
Unlike the quantitative risk assessment, qualitative risk assessment does not assign dollar values.
Rather, it determines risk's level based on the probability and impact of a risk.
These values are determined by gathering the opinions of experts.
-> Probability- establishing the likelihood of occurrence and reoccurrence of specific risks, independently, and combined.
The risk occurs when a threat exploits vulnerability.
Scaling is done to define the probability that a risk will occur.
The scale can be based on word values such as Low, Medium, or High.
Percentage can also be assigned to these words, like 10% to low and 90% to high.
-> Impact- Impact is used to identify the magnitude of identified risks.
The risk leads to some type of loss.
However, instead of quantifying the loss as a dollar value, an impact assessment could use words such as Low, Medium, or High.
Impact is expressed as a relative value.
For example, low could be 10, medium could be 50, and high could be 100
Risk level = Probability * Impact Incorrect Answers: B, D: These are used for calculating Annual loss expectancy (ALE) in quantitative risk assessment.
Formula is given as follows: ALE= SLE * ARO.
Qualitative risk assessment is a risk assessment method that uses subjective judgement based on experience and expertise to evaluate the likelihood and potential impact of risks. Qualitative risk assessment is typically used when there is insufficient data or when the cost of gathering data would be too high. Qualitative risk assessment is also useful when dealing with complex systems, where the interaction of various components and factors makes it difficult to quantify risk with precision.
The terms used in qualitative risk assessment to evaluate risk levels are as follows:
Impact: Impact refers to the severity of the consequences that may result from a risk event. It takes into consideration the scope, magnitude, and duration of the impact, as well as the degree of harm that may result from the event. Impact is typically evaluated on a scale of low, medium, and high.
Probability: Probability refers to the likelihood of a risk event occurring. Probability is typically evaluated on a scale of low, medium, and high. The evaluation of probability is often based on historical data, expert judgement, or a combination of both.
Annual rate of occurrence and single loss expectancy are terms commonly used in quantitative risk assessment.
Annual rate of occurrence: Annual rate of occurrence refers to the number of times a risk event is expected to occur in a given period. Annual rate of occurrence is typically used in quantitative risk assessment to calculate the expected monetary loss from a risk event.
Single loss expectancy: Single loss expectancy refers to the monetary value of the loss that would result from a single occurrence of a risk event. Single loss expectancy is typically used in quantitative risk assessment to calculate the expected monetary loss from a risk event.
In summary, impact and probability are the terms used in qualitative risk assessment to evaluate risk levels.