Qualitative Risk Assessment
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
Already have an account? Sign In »
1 hour 39 minutes
This is risk management and information technology.
In this lesson we will be discussing the qualitative risk assessment process. Different methodologies for qualitative risk assessment and the Delphi technique.
In the previous lesson, we talked about the risk assessment process and an overview on how the risk assessment team gathers data during an assessment.
Qualitative risk assessment is a scenario based assessment
that involves data gathering of measurements using surveys, questionnaires and interviews.
Scenario based questions can destroy driven and the answers are asked in a scale to evaluate risk cause and effects of the risk.
Here are some qualitative risk assessment techniques,
brainstorming involves a group of people discussion the scenario and talking about the potential risks and mitigation.
Starboard is a visual session where scenarios are discussed and shaped, identify risks. This is usually done in a presentation tile studying.
Focus groups on the other hand are similar to brainstorming sessions but involve other key subject matter experts from different departments To give a more holistic view of the risk assessment
surveys and questionnaires are usually online, anonymous queries across the department.
The risk assessment team collects this information and identifies the risks, which are scaled and ranked checklists are given to key subject matter experts in the department and these answers are collected and scored by the risk assessment,
one on one meetings and interviews are discussed with the subject matter experts to identify risk and occurred mitigation procedures.
These are usually the grants of the team are most familiar with the overall process and procedures, as well as inherent risks of the operation
determining which technique to use varies. It is suggested that the methods used to gather information is designed to fit the culture of the organization. More conservative or large organizations would prefer service to collect information,
whereas larger busy departments will have limited time for face to face meetings and interviews may be preferred by smaller group or more. Extroverted department
techniques can also be used in combination with each other to uncover the most relevant risk and organization.
Different techniques will yield different results which can then be compared and contrasted against each other
with that in mind. Let's step through what content scenario based questions would look.
The risk assessment team creates a questionnaire which can come from various sources and may contain questions or surveys used throughout the industry.
This questionnaire may contain different scenarios pertaining to the potential risks,
may describe threat levels of a risk lost potential of probability, as well as advantages and disadvantages of safeguards for the risk if there are any,
these questioners are released a diverse group of participants.
These can be key subject matter experts or the actual operators of the process to ensure the usefulness ability of the service.
Another common tool used by risk assessment teams is called the Delphi technique
which involves an anonymous feedback questionnaire, a survey which is distributed and presented to a group for evaluation
and involves four ft
face. One of the Delphi technique involves administering the questionnaire to key subject matter experts in the department where the answers are collected,
which will be used to decide a second questionnaire.
In Phase two, the technique assessment improvised the feedback from Phase one and creates a new set of questions from the first questionnaire, which is then redistributed and collected back
In Phase three. This involves returning to feed back again from Phase two
And another set of questions are formed from the Phase two Answers. At this point the participants ranked statements and questions from the fever of Sue's
which had phase for the risk assessment team can consider more phases if needed. Our craft the survey to focus on less questions and repeat pastry until a consensus of the risk assessments that is achieved.
The reason why we administer the Delphi technique is to ensure a fair and holistic view of risks from virus department heads and subject matter experts.
The group will narrow don't risk into key items which are actionable by the organization.
Just a quick quiz.
True or false
Qualitative risk assessment is a calculation based assessment.
The answer is false. Qualitative risk assessment is not a calculation based assessment.
qualitative risk assessment includes the following its assessment
surveys, questionnaires, checklists and interviews.
Yes that's true.
Qualitative risk assessment uses surveys, questionnaires, checklists, interviews.
qualitative risk assessment using Delphi technique include
a anonymous feedback questionnaire.
Be written on paper purpose responses
compiled and presented to a group
or D. All of the above
the answer is D. All of the above.
uses a four step process that involves anonymous feedback questionnaires that is compelling presented to a group until consensus is determined.
we learn what is a qualitative risk assessment and a different data gathering methods, such as surveys, questionnaires and interviews.
We discuss how questions are structured,
and we also talked about the Delphi technique on how it is deployed.
Thank you for completing this lesson. This is your instructor robert gonna.