Upper management decides which risk to mitigate based on cost. This is an example of:
A. Qualitative risk assessment
B. Business impact analysis
C. Risk management framework
D. Quantitative risk assessment
Explanation:
Quantitative analysis/assessment is used to show the logic and cost savings in, for example, replacing a server
before it fails rather than after the failure. Quantitative assessments assign a dollar amount.
Incorrect Answers:
A: Risk can also be calculated qualitatively; qualitative assessments are subjective in nature.
B: A business impact analysis is the process of evaluating all of the critical systems in an organization to
define impact and recovery plans. BIA isn’t concerned with external threats or vulnerabilities; the analysis
focuses on the impact a loss would have on the organization. A BIA comprises the following: identifying
critical functions, prioritizing critical business functions, calculating a timeframe for critical systems loss,
and estimating the tangible impact on the organization.
C: A risk management framework is an umbrella term that concerns all risk management best practices.
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 17, 28-29