Qualitative risk

Since most risks cannot always be calculated accurately, but some way of categorising risks is useful, we need a pragmatic solution:

HighCBA
Potential value of loss MediumDCB
LowEDC
 Low  Medium  High 
Likelihood
Tackle the A's first
Then the B's
Don't worry too much about the E's


CRAMM

CCTA's Risk Analysis and Management Methodology (CRAMM)

Identify and value

Identify threats (hazards) to groups of assets Identify vulnerabilities of groups of assets Assess level of risk from asset values and levels of threats and vulnerabilities


UpOther topics Comments please to: dwfarthi@glam.ac.uk © 1999, University of Glamorgan