Crucial Technologies wants to ensure that they are protecting their assets from risk. They use security controls to lower the risk level down to a point that is within what the company can tolerate. What is the risk called that remains after the security controls are put in place?
Correct Incorrect Unanswered Report Issue Answer Description
Residual risk is the risk that remains after security controls have been implemented. There will always be leftover risk unless the risk is completely avoided.
Wikipedia
The residual risk is the amount of risk or danger associated with an action or event remaining after natural or inherent risks have been reduced by risk controls.The general formula to calculate residual risk is
residual risk
=
(
inherent risk
)
−
(
impact of risk controls
)
{\displaystyle {\text{residual risk}}=({\text{inherent risk}})-({\text{impact of risk controls}})}
where the general concept of risk is (threats × vulnerability) or, alternatively, (severity × probability).
An example of residual risk is given by the use of automotive seat-belts. Installation and use of seat-belts reduces the overall severity and probability of injury in an automotive accident; however, probability of injury remains when in use, that is, a remainder of residual risk.
In the economic context, residual means “the quantity left over at the end of a process; a remainder”In the property rights
Residual_risk - Wikipedia, the free encyclopedia Subscribe to avoid duplicate questions and track your progress over time