A Comparative Study on Information Security Risk Analysis Practices
Information is a key asset for organizations, and reducing the risk of information compromise is a high priority. There are a lot of risk analysis methods available today, some of which are qualitative while others are more quantitative in nature. They all have the same fundamental target to estimate the overall value of risk, but most attempts to hit the target from very different approaches. Some approaches can be applied to all types of risk, while others are specific to particular risks. This paper addresses some of the methodologies used currently to analyze information security risks. The main task for an organization is to determine which one to use.