K1.13 Approaches and tools for the analysis of threats and vulnerabilities:
• approaches:
  o qualitative – non-numeric:
    ▪ determine severity using RAG rating:
      • red – high risk requiring immediate action
      • amber – moderate risk that needs to be observed closely
      • green – low risk with no immediate action required
  o quantitative – numeric:
    ▪ analyse effects of risk (for example cost overrun, resource consumption)
• tools:
  o fault tree analysis
  o impact analysis
  o failure mode effect critical analysis
  o annualised loss expectancy (ALE)
  o Central Computer and Telecommunications Agency (CCTA) Risk Analysis and Management Method (CRAMM)
  o strength, weakness, opportunity, threat (SWOT) analysis
  o risk register – risk is identified and recorded using a RAG rating
  o risk matrix – used to calculate the RAG rating for a risk