Assume that you are the Chief Information Security Officer of your state's Department of Transportation. The state has approved latest regulation that requires all state agencies to abide by new state information security policy. This includes requirement of current risk management program. You realize that last risk assessment for your organization was conducted two years ago. All agencies are required to be in compliance with the new state security policy within 4 months. Which risk assessment approach will you follow - quantitative approach or qualitative approach? Explain your reasons. (Maximum words: 500)