Qualitative vs. Quantitative Risk Assessment

Submitted By cowboys
Words 851
Pages 4

U.S. Industries, Inc. has just won a contract with the U.S. Government to expand an existing network. U.S. Industries has never traded with the U.S. Government at this level before, so we must gain an understanding of the qualitative and quantitative risks surrounding this project. We must also look at Operations, Audit, Compliance, Budgeting and the many other facets of the business so that we can map out all of the components used to assign a proper risk rating to this project.

Quantitative risk assessment begins when we have the ability to apply a dollar amount to a specific risk. If the project were finished a month early, there would not be a risk because the company would save money; however, at what cost? Projects that are done early usually go wrong. If the project is completed on time but without the required security measures, the company would not be in compliance with PCI DSS. By completing the project a month early using the mandatory security requirements, there is no risk.

Qualitative risk assessment comes into play in a different form. Additional factors and threat vectors have been introduced into our contract. We now find out that the database that once held only 1,000 records is now going to hold between 100,000 and 1,000,000 records, and that multiple groups within the organization will be accessing and modifying the database daily. We have also been informed that we have ninety days to document and remediate this issue, as the system is not in compliance with the Health Insurance Portability and Accountability Act (HIPAA).

We must now look at the inherent vulnerabilities that exist on the system or application. One of these is that the application is vulnerable to SQL injection; this is the method in which a malicious user will attempt to append additional data
