Advantages and Disadvantages of Quantitative and Qualitative Information Risk Approaches

Abstract

Due to rapidly development of information systems, risk and security issues have increased and became a phenomenon that concerns every organization, without considering the size of it. To achieve desired results, managers have to implement methods of evaluating and mitigating risk as part of a process well elaborated. Security risk management helps managers to better control the business practices and improve the business process. An effective risk management process is based on a successful IT security program. This doesn't mean that the main goal of an organization's risk management process is to protect its IT assets, but to protect the organization and its ability to perform their missions. During this process, managers have to take into consideration risks that can affect the organization and apply the most suitable measures to minimize their impact. The most important task is choosing the best suited method for analyzing the existing risk properly. Several methods have been developed, being classified in quantitative and qualitative approaches of evaluating risk. The purpose of this paper is to present the advantages and disadvantages of each approach taking current needs and opportunities into consideration.