Estimating potential loss is an important task of CISSP-certified professionals. In order, which of the following are the steps used to perform a quantitative assessment?
A. Estimate potential losses, perform a vulnerability assessment, and determine annual loss expectancy
B. Estimate potential losses, conduct a threat analysis, and rank losses as high, medium, or low
C. Assemble a team, prepare a matrix of critical systems and services, and rank losses as high, medium, or low
D. Estimate potential losses, conduct a threat analysis, and determine annual loss expectancy
Solution
D. Quantitative assessment deals with numbers and dollar amounts. It attempts to assign a cost (monetary value) to the elements of risk assessment and to the assets and threats of a risk analysis. To complete the assessment, first estimate potential losses, then conduct a threat analysis, and finally determine annual loss expectancy. Answers A, B, and C do not detail the steps needed to perform a quantitative assessment.
