Definition

residual risk

Contributor(s): Fran Sales

Residual risk is the threat that remains after all efforts to identify and eliminate risk have been made.

There are four basic ways of dealing with risk: reduce it, avoid it, accept it or transfer it. Since residual risk is unknown, many organizations choose to either accept residual risk or transfer it -- for example, by purchasing insurance to transfer the risk to an insurance company.

When addressing residual risk, organizations should:

Identify relevant governance, risk and compliance (GRC) requirements.
Determine the organization's control framework's strengths and weaknesses.
Acknowledge existing risks.
Define the organization's risk appetite.
Identify available options for offsetting unacceptable residual risks.

This was last updated in April 2014

Continue Reading About residual risk

Review five steps to identifying residual risk in the risk assessment process

Learn the operational and compliance risks associated with outsourcing

Read this ISO27k FAQ for common questions regarding risk assessment and management

Watch this video on how to be more proactive in your risk assessments

Check out the Information Security Handbook's residual risk formula

Dig Deeper on Risk management and compliance

All
News
Get Started
Evaluate
Manage
Problem Solve

SearchCIO

Comparing chatbots vs. virtual assistants vs. conversational agents

Is a conversational agent the same as a chatbot or a virtual assistant? Not exactly. IBM Watson VP and CTO Rob High explains the ...

MIT CIO 2019: Scaling AI and data to build the 'smart enterprise'

The theme of MIT Sloan CIO Symposium 2019 is 'leading the smarter enterprise.' We caught up with event chair Lindsey Anderson to ...

A buyer's guide to PPM tools, features, benefits and vendors

Explore all the factors that go into purchasing a project portfolio management platform, including analysis features, ...

SearchHealthIT

CMS focuses on post-acute care settings in interoperability quest

The Centers for Medicare and Medicaid Services turns to healthcare players for input on promoting EHR adoption in post-acute care...

How healthcare AI technology can improve patient outcomes

There are seemingly endless possibilities for AI in healthcare, whether it's as a set of second eyes for radiologists or as a ...

Philips buys Carestream Health's healthcare information systems

Philips' acquisition of Carestream Health's HCIS business gives the company more imaging technologies, while boosting its ...

SearchCloudComputing

Google Cloud taps into VMware vRealize for hybrid deployments

Google Cloud is now tied into VMware vRealize through a plug-in that enables users to manage on-premises VMware workloads ...

Kick-start your app migration strategy with these best practices

As the cloud becomes more popular, most enterprises will need a migration strategy. Before they move to the public cloud, ...

Strike a cost-performance balance in microservices deployment

To successfully deploy microservices in the cloud, IT teams should beware of these four common mistakes around resource locations...

SearchDataCenter

Pick the right colocation site for your organization

Colocation is more than signing a contract and installing hardware. Evaluate redundancy, rack space real estate and distance to ...

Can IT admins benefit from a DevOps environment?

Admins might wonder if they need to pay attention to DevOps, but collaboration with developers helps minimize bad code and ...

4 PowerShell modules every IT pro should know

Find out how to use four of the most popular PowerShell community modules in the PowerShell Gallery to help better manage your ...

SearchDataManagement

Why data silos matter: Settling ownership of data issues

Data ownership is still seen as a task for IT -- but that can lead to data silos full of redundant information. Find out why you ...

Machine learning approaches gain critical mass for data pros

Machine learning will bring change to analytics and data management, said data luminary Michael Stonebraker. Others agree ...

Big data management practices gain attention amid risks

Many data professionals have yet to solidify traditional data management practices, but they have a new set of challenges to ...

SearchSecurity

Study reveals sale of SSL/TLS certificates on dark web

Security researchers discovered the availability of SSL/TLS certificates for sale on the dark web, which allow cybercriminals to ...

Hundreds of millions of Facebook passwords exposed internally

Facebook learned three months ago that hundreds of millions of passwords were stored internally in plaintext, but it didn't ...

Risk & Repeat: RSA Conference 2019 in review

This week's 'Risk & Repeat' podcast looks back at RSA Conference and discusses the show's diversity and inclusion efforts as well...

Continue Reading About residual risk

Related Terms

Dig Deeper on Risk management and compliance

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.

File Extensions and File Formats