Risk analysis assesses internal and external factors that can affect a business’s productivity, profitability, and operations. Qualitative and quantitative risk analysis are the two main types. Plans must be put in place to manage risks identified.
Risk analysis is the process that a company goes through to assess the internal and external factors that can affect the productivity, profitability and operations of the business. There are two main types of risk analysis. These two broad categories are qualitative and quantitative risk analysis. By assessing these risks, companies can establish plans on how to avoid and manage them.
Qualitative risk analysis is made up of six main parts. Qualitative risk elements include threat, attack, vulnerability, control, impact, and business impact. A company needs to assess all of these elements as a comprehensive package to assess the qualitative risks that the company has.
To illustrate how companies perform qualitative risk analysis, suppose a credit card company has computer records of 10,000 to 500,000 customers at any given time. The first risk is that numerous employees in different departments have access to all of this personal customer information.
When the auditors show up at the credit card company, the problem they find is that the files are not encrypted. This means that the information is at risk both when it is sent to the enterprise web server and when it is in the database. Information is at risk from employees or outside hackers to obtain personal
Quantitative risk analysis focuses more on the facts, figures, and data associated with the business. The two main subcategories of quantitative analysis are the probability of the risk occurring and the probability of a loss if the risk does occur.
For example, a health insurance company office that has 1,000 patient files in house would need to assess the risk if there is a breach of confidentiality. Suppose that in this case the health insurance records are in a single database. Also, suppose the database is compromised by a hacker breaking into the database. Essentially, this exposes all 1,000 patient files, personal information, medical and insurance records to the hacker.
Suppose the insurance company’s office places a value of $30 US dollars (USD) on amending each patient’s file. The $30 USD cost covers everything from changing patient account numbers and printing new health insurance cards to contacting each and every patient to let them know what happened. When performing a quantitative risk analysis, the answer is $30,000 USD: 1,000 patient files at $30 USD each. This is the amount of loss to the office of the health insurance company for the breach of its database.
Once the public authorities carry out a risk analysis, it is important that plans are put in place on how to manage the risk. For example, with the qualitative risk illustration, the credit card company must employ a system or install a program that automatically encrypts its customers’ data.