Citations

  • Kouns and Minoli 2010 (†404)

    Kouns, Jake, and Daniel Minoli. "Information Technology Risk Management in Enterprise Environments: A review of industry practices and a practical guide to risk management teams" (Wiley, 2010).

Existing Citations

  • qualitative risk assessment : The goal of using pure quantitative methods in all circumstances is impractical due to the shortage of reliable data on incidents (probabilities and impacts), although they are potentially useful in some more narrowly defined situations. One solution is to use quick/simple qualitative risk assessments followed by risk analyses on selected high-risk areas using more detailed qualitative or quantitative methods. ¶ Qualitative risk analysis: Ranking threats/exposure events on a scale. Based on the scale, one evaluates the likelihood of occurrence, the costs, and the outcomes, based on judgment, experience, and situational awareness. (†886)
  • quantitative risk assessment : The goal of using pure quantitative methods in all circumstances is impractical due to the shortage of reliable data on incidents (probabilities and impacts), although they are potentially useful in some more narrowly defined situations. . . . One solution is to use quick/simple qualitative risk assessments followed by risk analyses on selected high-risk areas using more detailed qualitative or quantitative methods. ¶ Quantitative risk analysis: One assigns precise monetary values to the possible outcomes of risk exposures and then computed an expected value based on a probability distribution that such exposure resulted in actual damage. (†887)