Risk Assessment Methods

With more and more regulations and the growing importance of information security, risk management is a growing topic, especially in my areas of interest: project management and information security.

Interestingly, everyone seems to have an intuitive idea about what risk is. However, learning more about the topic reveals how much complexity it holds. Moreover, there is neither one universal definition of risk nor one way to assess risks. Therefore, I’ve started to collect a list of methods and approaches for assessing risks (it’s not a tool list).

In an article by Gaute Wangen (Springer, pdf), risk assessment frameworks are classified by the risk definition they rest on, as follows:

  • R = E, expected value (large numbers)
  • R = P & C, probability and consequence (scenario based)
  • R = C, consequence
  • R = C & U, consequence and uncertainty
  • R = ISO, uncertainty on objectives
  • R = CI, conflicting incentives
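To make the difference between these definitions tangible, here is an added Python example that is not from Wangen's article or from this post. It scores three constructed scenarios under the first four definitions and shows that each definition ranks the same scenarios differently. The scenario values, the 1..5 likelihood and consequence bands for the scenario-based matrix, and the uncertainty threshold are my own illustrative assumptions, not rules from the article; the ISO and conflicting-incentives definitions are not numeric and are left out.

```python
"""Constructed comparison of risk definitions: R = E, R = P & C, R = C, R = C & U."""
from dataclasses import dataclass
from typing import Callable, List


@dataclass(frozen=True)
class Scenario:
    name: str
    probability: float   # assumed annual likelihood of occurrence, 0..1
    consequence: float   # assumed loss if it occurs, in arbitrary currency units
    uncertainty: float   # assumed lack of knowledge behind the estimate, 0 (solid) .. 1 (guess)


# Constructed sample scenarios; the numbers are illustrative only.
SCENARIOS: List[Scenario] = [
    Scenario("phishing_credential_theft", probability=0.6, consequence=60, uncertainty=0.2),
    Scenario("ransomware_outage", probability=0.1, consequence=450, uncertainty=0.4),
    Scenario("datacenter_fire", probability=0.008, consequence=5000, uncertainty=0.7),
]

# Assumed ordinal bands for the scenario-based (P & C) risk matrix, highest band first.
PROBABILITY_CUTOFFS = (0.5, 0.2, 0.05, 0.01)
CONSEQUENCE_CUTOFFS = (2000, 300, 100, 30)


def _level(value: float, cutoffs) -> int:
    """Map a value onto a 1..5 band: 5 for >= cutoffs[0], down to 2 for >= cutoffs[3], else 1."""
    for level, cutoff in zip((5, 4, 3, 2), cutoffs):
        if value >= cutoff:
            return level
    return 1


def risk_expected_value(s: Scenario) -> float:
    """R = E: expected loss, the probability-weighted consequence."""
    return s.probability * s.consequence


def risk_scenario_matrix(s: Scenario) -> int:
    """R = P & C: classic risk matrix, product of ordinal likelihood and consequence bands."""
    return _level(s.probability, PROBABILITY_CUTOFFS) * _level(s.consequence, CONSEQUENCE_CUTOFFS)


def risk_consequence(s: Scenario) -> float:
    """R = C: consequence only, ignoring how likely the scenario is."""
    return s.consequence


def rank(scenarios: List[Scenario], score: Callable[[Scenario], float]) -> List[str]:
    """Return scenario names ordered from highest to lowest score under one definition."""
    return [s.name for s in sorted(scenarios, key=score, reverse=True)]


def knowledge_gaps(scenarios: List[Scenario], threshold: float = 0.5) -> List[str]:
    """R = C & U: alongside the consequence ranking, flag scenarios whose estimate rests on weak
    knowledge (assumed threshold), so they are marked for further analysis rather than hidden
    behind a single number."""
    return [s.name for s in scenarios if s.uncertainty > threshold]


if __name__ == "__main__":
    for label, score in (("R = E", risk_expected_value),
                         ("R = P & C", risk_scenario_matrix),
                         ("R = C", risk_consequence)):
        print(f"{label:10} -> {rank(SCENARIOS, score)}")
    print(f"R = C & U  -> consequence order {rank(SCENARIOS, risk_consequence)}, "
          f"weak knowledge: {knowledge_gaps(SCENARIOS)}")
```

Running it shows the ransomware scenario on top under expected value, the phishing scenario moving to second place in the matrix, and the fire scenario leading once only consequence counts; the consequence-and-uncertainty view additionally flags the fire scenario as the estimate that most needs better data. Which ordering is "right" depends entirely on which definition the framework adopts, which is the point of classifying methods by definition.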

