Risk Assessment Dr. Md Abdur Rahman Qualitative and Quantitative Analysis

Questions and Answers

PDF Questions PDF Answers

What is the main difference between Qualitative RISK and Quantitative RISK?

Quantitative RISK deals with high budgets while Qualitative RISK deals with low budgets.

Quantitative RISK is easy to handle while Qualitative RISK is more complex.

Quantitative RISK relies on experience while Qualitative RISK involves financial implications.

Quantitative RISK involves cost estimates while Qualitative RISK involves subjective judgments. (correct)

What type of risk is highlighted in the statement 'BYOD – Because risk is HIGH and savings is high'?

Management risk

Qualitative risk (correct)

Quantitative risk

Operational risk

Why does handling the risk of HDD Failure and motherboard burn fall under Qualitative RISK?

It directly impacts cost savings.

It requires a high budget allocation.

It involves subjective judgments about the severity of these risks. (correct)

It can be quantified easily.

In the given context, why might handling Qualitative RISK be challenging?

Difficulty in assigning numerical values to risks.

What would be a typical approach to handling a Qualitative RISK like 'motherboard burn'?

Seeking expert opinions and experiences.

What is the primary focus of Risk Mitigation according to the text?

Minimizing the impact of vulnerabilities

Which action is NOT suggested in the text as part of Risk Transference?

SMB V1 shutdown

What is the possible outcome of shutting down SMB V1 as mentioned in the text?

Reduced likelihood of operational consequences

In which case might it be more cost-effective to accept a security risk according to the text?

When mitigating the risk is more expensive than accepting it

Why is it essential for organizations to consider both Security Risk and Operational Consequences together?

To understand the full impact of a security breach

What is a recommended policy that a Cyber Security Expert may suggest to enhance security in the network environment?

Verifying any command by a second person before execution

How can an organization transfer the risk to another entity according to the text?

Having a warranty with a third party

What action can mitigate the risk of Wannacry infection through flash memory within an intranet?

Blocking incoming connections at port 445 in the firewall

In the context of minimizing risk to an acceptable level, what is NOT mentioned as a recommended action against risks like going to the grocery store?

Avoiding crowded areas

What is a potential downside of implementing a policy where any command must be verified by a second person before execution?

Increased operational cost