CISM Certified Information Security Manager – Question0416 - CISM Certified Information Security Manager

Quantitative risk analysis is MOST appropriate when assessment data:

A. include customer perceptions.
B. contain percentage estimates.
C. do not contain specific details.
D. contain subjective information.

Correct Answer: B

Explanation:

Explanation: Percentage estimates are characteristic of quantitative risk analysis. Customer perceptions, lack of specific details or subjective information lend themselves more to qualitative risk analysis.