Definition

residual risk

Contributor(s): Fran Sales

Residual risk is the threat that remains after all efforts to identify and eliminate risk have been made.

There are four basic ways of dealing with risk: reduce it, avoid it, accept it or transfer it. Since residual risk is unknown, many organizations choose to either accept residual risk or transfer it -- for example, by purchasing insurance to transfer the risk to an insurance company.

When addressing residual risk, organizations should:

Identify relevant governance, risk and compliance (GRC) requirements.
Determine the organization's control framework's strengths and weaknesses.
Acknowledge existing risks.
Define the organization's risk appetite.
Identify available options for offsetting unacceptable residual risks.

This was last updated in April 2014

Continue Reading About residual risk

Review five steps to identifying residual risk in the risk assessment process

Learn the operational and compliance risks associated with outsourcing

Read this ISO27k FAQ for common questions regarding risk assessment and management

Watch this video on how to be more proactive in your risk assessments

Check out the Information Security Handbook's residual risk formula

Dig Deeper on Risk management and compliance

All
News
Get Started
Evaluate
Manage
Problem Solve

SearchCIO

Home Depot CIO promotes in-house tech boot camp

For companies having trouble finding qualified IT professionals to hire, the solution may be closer than you think. Just ask Home...

CIO presentation to the board of directors: Candid tips from CIOs

Board presentations can be scary. The good news is CIOs can't go too wrong in a climate where boards are desperate to learn about...

Edge computing use cases must be driven by business value

For Schneider Electric and many other large enterprises that take a look at edge computing projects, the main criterion for ...

SearchHealthIT

AI, blockchain top healthcare CIO's list of emerging tech

In this Q&A, veteran healthcare CIO Geoffrey Brown talks about how his role has evolved, as well as why he's keeping an eye on ...

Cerner layoffs underscore company's move to reduce costs

Cerner laid off 255 employees as it seeks to reduce operating costs. One analyst said it's further evidence that the Meaningful ...

Telehealth technology improves healthcare access for rural areas

Rural communities often suffer from a lack of healthcare access, and nursing homes in these areas are doubly at risk. Telehealth ...

SearchCloudComputing

Oracle Cloud Infrastructure SVP shares competitive strategy

Former AWS engineer Clay Magouyrk was one of the first people Oracle hired to build OCI and says Oracle has plenty of time -- and...

Zenoss automates transition to cloud-based IT monitoring

In an effort to improve the user experience while transitioning from on-premises to cloud-based monitoring, Zenoss has added new ...

How to modernize apps as part of the cloud migration process

Take stock of your applications and modernize them where appropriate as part of a cloud migration. Learn about the benefits of ...

SearchDataCenter

New Dell EPYC servers embrace AMD Rome chips

Dell EMC goes from Naples to Rome with a new line of EPYC servers, including Ready Solutions for high-performance computing and ...

Can next-gen SIEM help cybersecurity initiatives?

More organizations are using SIEM, AI and cloud technology to minimize security breaches. Though despite interest, this ...

IBM z15 mainframe secures data across multi-cloud environments

IBM unveiled the latest in its line of mainframes capable of processing 1 trillion web transactions a day. The IBM z15 ...

SearchDataManagement

Swim DataFabric platform helps to understand edge streaming data

Swim released its new Swim DataFabric, which integrates with Microsoft Azure to help users organize and gain insights from ...

Dremio Data Lake Engine 4.0 accelerates query performance

Dremio issues a new platform update, defining itself as data lake engine technology that looks to help users connect and query ...

Weighing the use of third-party database administration tools

Database expert Chris Foot details the key reasons why DBAs should consider using third-party database administration to fill ...

SearchSecurity

Broken WannaCry variants continuing to spread

Researchers are still seeing surprisingly high WannaCry detection rates and they worry this points to high risks because systems ...

Sinkholed Magecart domains resurrected for advertising schemes

Security vendor RiskIQ discovered several old Magecart domains that had been sinkholed were re-registered under new owners and ...

IT/OT convergence is necessary, desirable, but not so simple

A secure IT/OT convergence requires a strategy that takes into account compliance requirements and likely threats and recognizes ...

Continue Reading About residual risk

Related Terms

Dig Deeper on Risk management and compliance

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.

File Extensions and File Formats