Principles of Information Security

Organizations can use various approaches when they need to manage potential and current risks. Two available groups of strategies are qualitative and quantitative ones, and they are significantly different. On the one hand, quantitative assessment is “an asset valuation approach that attempts to assign absolute numerical measures” (Whitman & Mattord, 2018, p. 306). In other words, this management approach relies on actual values and estimates, and popular examples include cost-benefit analysis, the annual rate of occurrence, and others. On the other hand, qualitative assessment refers to using categorical or non-numeric values to manage risks (Whitman & Mattord, 2018). Benchmarking, baselining, and others are requested examples of qualitative risk management. When it comes to the annual rate of occurrence, one can either assign a specific value (quantitative approach) or enumerate possible risks and rate them using scales (qualitative strategy). This statement represents the most evident difference between the two risk management strategies under analysis.

As far as my opinion is concerned, I do not think that any of these approaches can be considered better or worse. I believe that their effectiveness depends on many factors, and it can be more suitable to rely on qualitative approaches in some cases, but quantitative strategies can be better in others. For example, an organization should use quantitative risk management when this business can deal with precise numerical values and figures. However, the given approach will be useless if it is impossible to generate numerical data. In this case, qualitative risk management strategies can produce suitable outcomes. Consequently, this information demonstrates that quantitative and qualitative risk management principles are different and used in various circumstances, meaning that it is impossible to state which approach is better.

Reference

Whitman, M. E., & Mattord, H. J. (2018). Principles of information security (6th ed.). Cengage Learning.

Cite this paper

Select style

Reference

StudyCorgi. (2023, March 27). Principles of Information Security. https://studycorgi.com/principles-of-information-security/

Work Cited

"Principles of Information Security." StudyCorgi, 27 Mar. 2023, studycorgi.com/principles-of-information-security/.

* Hyperlink the URL after pasting it to your document

References

StudyCorgi. (2023) 'Principles of Information Security'. 27 March.

1. StudyCorgi. "Principles of Information Security." March 27, 2023. https://studycorgi.com/principles-of-information-security/.


Bibliography


StudyCorgi. "Principles of Information Security." March 27, 2023. https://studycorgi.com/principles-of-information-security/.

References

StudyCorgi. 2023. "Principles of Information Security." March 27, 2023. https://studycorgi.com/principles-of-information-security/.

This paper, “Principles of Information Security”, was written and voluntary submitted to our free essay database by a straight-A student. Please ensure you properly reference the paper if you're using it to write your assignment.

Before publication, the StudyCorgi editorial team proofread and checked the paper to make sure it meets the highest standards in terms of grammar, punctuation, style, fact accuracy, copyright issues, and inclusive language. Last updated: .

If you are the author of this paper and no longer wish to have it published on StudyCorgi, request the removal. Please use the “Donate your paper” form to submit an essay.