According to the CRISC Review Manual (Digital Version), threat analysis would be the most helpful when estimating the likelihood of negative events, as it involves identifying and evaluating the sources and causes of potential harm or loss to the IT assets and processes. Threat analysis helps to:
Determine the frequency and probability of occurrence of different types of threats, such as natural disasters, human errors, malicious attacks, system failures, etc.
Assess the impact and severity of the threats on the confidentiality, integrity and availability of the IT assets and processes
Prioritize the threats based on their likelihood and impact
Develop appropriate risk response strategies to prevent, mitigate, transfer or accept the threats
References = CRISC Review Manual (Digital Version), Chapter 1: IT Risk Identification, Section 1.5: IT Risk Identification Methods and Techniques, pp. 35-361
Submit