Last Updated on December 21, 2021 by Admin
The MOST likely reason to use qualitative security risk assessments instead of quantitative methods is when:
- an organization provides services instead of hard goods.
- a security program requires independent expression of risks.
- available data is too subjective.
- a mature security program is in place.