Security Risk Assessment

Male executive drawing a risk assessment diagram

There are a number of distinct approaches to risk assessment that essentially break down into two types:

quantitative and qualitative.




Quantitative Risk Assessment

Quantitative risk assessment employs two fundamental elements:

  1. The probability of an event occurring
  2. The likely loss should it occur

Qualitative Risk Assessment

Qualitative risk assessment makes use of three basic elements:

  • Threats – things that could go wrong
  • Vulnerabilities – things that make a system more prone to attack
  • Controls – the countermeasures for vulnerabilities
    1. Deterrent controls reduce the likelihood of a deliberate attack.
    2. Preventative controls protect vulnerabilities and make an attack unsuccessful or reduce its impact.
    3. Corrective controls reduce the effect of an attack.
    4. Detective controls discover attacks and trigger preventative or corrective controls.

Private Eye Security exposes these risks and vulnerabilities to our clients and recommends an implementation plan that best suits our clients’ needs.