CISM - Information Security Risk Management - Section 2.3

Perform risk assessment and analysis using qualitative and quantitative methods.

Perform risk assessments using both qualitative risk analysis, such as risk matrices, and quantitative methods, including annual loss expectancy and single loss expectancy calculations. Choose the appropriate method based on data availability and audience, and interpret results to communicate risk in terms meaningful to business stakeholders.

Qualitative risk analysis, Quantitative risk analysis, Risk matrix, ALE/SLE

Examworthy is not affiliated with or endorsed by ISACA. Original, blueprint-aligned practice material only.