Definition

residual risk

Contributor(s): Fran Sales

Residual risk is the threat that remains after all efforts to identify and eliminate risk have been made.

There are four basic ways of dealing with risk: reduce it, avoid it, accept it or transfer it. Since residual risk is unknown, many organizations choose to either accept residual risk or transfer it -- for example, by purchasing insurance to transfer the risk to an insurance company.

When addressing residual risk, organizations should:

Identify relevant governance, risk and compliance (GRC) requirements.
Determine the organization's control framework's strengths and weaknesses.
Acknowledge existing risks.
Define the organization's risk appetite.
Identify available options for offsetting unacceptable residual risks.

This was last updated in April 2014

Continue Reading About residual risk

Review five steps to identifying residual risk in the risk assessment process

Learn the operational and compliance risks associated with outsourcing

Read this ISO27k FAQ for common questions regarding risk assessment and management

Watch this video on how to be more proactive in your risk assessments

Check out the Information Security Handbook's residual risk formula

Dig Deeper on Risk management and compliance

SearchCIO

3 steps to recalibrate a strategic IT roadmap

Business leaders must reevaluate their IT roadmap to ensure it aligns with today's growing landscape. Deloitte's IBM Alliance ...

Experts predict hot enterprise architecture trends for 2021

IT architecture trends to watch in 2021 include organizing business around components and expanding tools to focus on business ...

Cloud, security top list of IT spending priorities

The COVID-19 pandemic's influence on IT spending will continue into 2021, as organizations bolster security, accelerate cloud ...

SearchHealthIT

Real-time customer experience in healthcare is on the horizon

Forrester's chief business technology officer explains how tools that capture data in real time can help healthcare organizations...

A look inside the all-in-one HCISPP exam guide

Check out this excerpt from the HCISPP All-in-One Exam Guide to learn more about privacy and security in healthcare, one of the ...

Get started on your HCISPP training with this practice quiz

Are you thinking of taking the HCISPP exam? If so, here's 10 practice questions from Sean P. Murphy's 'HCISPP All-in-One Exam ...

SearchCloudComputing

IBM acquisition spree targets hybrid cloud consulting market

Acquiring five providers specializing in cloud-based consulting and managed services since November, IBM wants to make it easier ...

How to choose between IaaS and SaaS cloud models

Even if you already moved a few workloads to the cloud, it's never too early to start looking at where you are going and never ...

COVID-19 and remote work shift cloud predictions for 2021

If we learned anything from 2020, it's to expect the unexpected. Yet that doesn't stop analysts from trying to predict what's to ...

SearchDataCenter

IBM revenues head south again as hardware, services sales dip

Reporting its sharpest decline in five years, IBM revenues for 2020 dove 5%. CEO Krishna highlights opportunities and vows to run...

Get a template to estimate server power consumption per rack

Admins can struggle with power consumption estimation as infrastructure gets more complex. The kW-per-rack metric can help ...

When the chips are down, Intel turns to VMware's Pat Gelsinger

Newly appointed Intel CEO Pat Gelsinger brings technical chops to the top of the giant chipmaker, but it may take a while to ...

SearchDataManagement

Enterprise data lakes hold the key to actionable insights

Technological pillars of sound business decisions, AI, machine learning and advanced analytics depend on the quantity, quality ...

Data fabrics help data lakes seek the truth

Data fabrics can play a key role in aligning business goals with the integration, governance, reliability and democratization of ...

Kyligence builds out data cloud for OLAP and big data

Kyligence is advancing the Apache Kylin project with a cloud-native offering that can help organizations more efficiently execute...

SearchSecurity

Standardize cybersecurity terms to get everyone correct service

Some cybersecurity terms can refer to multiple service offerings, which can be confusing for companies looking to implement them ...

SolarWinds breach news center

The massive SolarWinds supply-chain attack continues to invade networks. Here's the latest news on the breach, how the malware ...

Adopting threat hunting techniques, tactics and strategy

Adopt threat hunting techniques that analyze the right data, detect anomalies, use frameworks and compare success metrics, ...

residual risk

Continue Reading About residual risk

Dig Deeper on Risk management and compliance

How to perform a cybersecurity risk assessment, step by step

5 steps to determine residual risk during the assessment process

pure risk (absolute risk)

Acquiring cybersecurity insurance: Why collaboration is key

SearchCIO

3 steps to recalibrate a strategic IT roadmap

Experts predict hot enterprise architecture trends for 2021

Cloud, security top list of IT spending priorities

SearchHealthIT

Real-time customer experience in healthcare is on the horizon

A look inside the all-in-one HCISPP exam guide

Get started on your HCISPP training with this practice quiz

SearchCloudComputing

IBM acquisition spree targets hybrid cloud consulting market

How to choose between IaaS and SaaS cloud models

COVID-19 and remote work shift cloud predictions for 2021

SearchDataCenter

IBM revenues head south again as hardware, services sales dip

Get a template to estimate server power consumption per rack

When the chips are down, Intel turns to VMware's Pat Gelsinger

SearchDataManagement

Enterprise data lakes hold the key to actionable insights

Data fabrics help data lakes seek the truth

Kyligence builds out data cloud for OLAP and big data

SearchSecurity

Standardize cybersecurity terms to get everyone correct service

SolarWinds breach news center

Adopting threat hunting techniques, tactics and strategy

Continue Reading About residual risk

Related Terms

Dig Deeper on Risk management and compliance

How to perform a cybersecurity risk assessment, step by step

5 steps to determine residual risk during the assessment process

pure risk (absolute risk)

Acquiring cybersecurity insurance: Why collaboration is key