Definition

residual risk

Francesca Sales, Site Editor

Residual risk is the threat that remains after all efforts to identify and eliminate risk have been made.

There are four basic ways of dealing with risk: reduce it, avoid it, accept it or transfer it. Since residual risk is unknown, many organizations choose to either accept residual risk or transfer it -- for example, by purchasing insurance to transfer the risk to an insurance company.

When addressing residual risk, organizations should:

Identify relevant governance, risk and compliance (GRC) requirements.
Determine the organization's control framework's strengths and weaknesses.
Acknowledge existing risks.
Define the organization's risk appetite.
Identify available options for offsetting unacceptable residual risks.

This was last updated in April 2014

Continue Reading About residual risk

Review five steps to identifying residual risk in the risk assessment process

Learn the operational and compliance risks associated with outsourcing

Read this ISO27k FAQ for common questions regarding risk assessment and management

Watch this video on how to be more proactive in your risk assessments

Check out the Information Security Handbook's residual risk formula

Dig Deeper on Risk management and compliance

SearchCIO

4 IT contract negotiation strategies to drive value in 2021

To ensure businesses today can effectively save costs through IT sourcing and outsourcing, we're offering four tips for IT ...

Turning data into actionable insights with machine learning

To help make better use of data and analytics, we're diving into how companies can infuse ML-produced actionable insights into ...

Evolving role of the CIO key to the future of work

Allan Tate, executive chair of the MIT Sloan CIO Symposium, explains how the pandemic pushed CIOs to the forefront as enterprises...

SearchHealthIT

Real-time customer experience in healthcare is on the horizon

Forrester's chief business technology officer explains how tools that capture data in real time can help healthcare organizations...

A look inside the all-in-one HCISPP exam guide

Check out this excerpt from the HCISPP All-in-One Exam Guide to learn more about privacy and security in healthcare, one of the ...

Get started on your HCISPP training with this practice quiz

Are you thinking of taking the HCISPP exam? If so, here's 10 practice questions from Sean P. Murphy's 'HCISPP All-in-One Exam ...

SearchCloudComputing

IBM boosts vertical cloud push with financial services cloud

IBM doubles down on its investment in vertical markets, rolling out a financial services cloud that shares workloads with clouds ...

Open source cloud platforms and tools to consider

Although the most popular cloud platforms are proprietary, open source options can enhance the agility and cost-effectiveness of ...

VMware offers new subscription for hybrid cloud deployments

An offering dubbed VMware Cloud presents a new option for customers that want to pursue hybrid cloud strategies supported by a ...

SearchDataCenter

New Intel Ice Lake processors boost performance, security

Intel launches third-generation Xeon Scalable processors that bolster security, accelerate common data center workloads by 46% on...

IBM tools speed mainframe application modernization projects

IBM has released new versions of its application modernization tools designed to bring its Z series of mainframe applications in ...

Nvidia vs. AMD: Compare GPU offerings

Chip vendors Nvidia and AMD each offer GPUs optimized for large data centers. Compare the two to decide which best suits your ...

SearchDataManagement

Why consider an augmented data catalog?

Automated and augmented data catalogs have been around for a few years, but adoption is still lagging. Find out why an enterprise...

Alation brings data catalog technology to the public cloud

Alation's data intelligence technology is getting easier for organizations to use, with a new managed service that can help ...

Yellowbrick Manager embraces Kubernetes for data warehouse

Yellowbrick is building out a new unified control plane to help users manage distributed cloud data warehouse deployments. The ...

SearchSecurity

12 Microsoft Exchange Server security best practices

Exchange security has come under increased scrutiny since the recent exploitation of critical vulnerabilities. Review this list ...

Cring ransomware attacking vulnerable Fortigate VPNs

A vulnerability impacting Fortinet's Fortigate VPN, first disclosed and patched in 2019, is being exploited by Cring ransomware ...

Utilizing existing tech to achieve zero-trust security

A zero-trust security model can immediately be used to address current gaps and provide a secure foundation for managing risk ...

residual risk

Continue Reading About residual risk

Dig Deeper on Risk management and compliance

How to perform a cybersecurity risk assessment, step by step

5 steps to determine residual risk during the assessment process

pure risk (absolute risk)

Acquiring cybersecurity insurance: Why collaboration is key

SearchCIO

4 IT contract negotiation strategies to drive value in 2021

Turning data into actionable insights with machine learning

Evolving role of the CIO key to the future of work

SearchHealthIT

Real-time customer experience in healthcare is on the horizon

A look inside the all-in-one HCISPP exam guide

Get started on your HCISPP training with this practice quiz

SearchCloudComputing

IBM boosts vertical cloud push with financial services cloud

Open source cloud platforms and tools to consider

VMware offers new subscription for hybrid cloud deployments

SearchDataCenter

New Intel Ice Lake processors boost performance, security

IBM tools speed mainframe application modernization projects

Nvidia vs. AMD: Compare GPU offerings

SearchDataManagement

Why consider an augmented data catalog?

Alation brings data catalog technology to the public cloud

Yellowbrick Manager embraces Kubernetes for data warehouse

SearchSecurity

12 Microsoft Exchange Server security best practices

Cring ransomware attacking vulnerable Fortigate VPNs

Utilizing existing tech to achieve zero-trust security

Continue Reading About residual risk

Related Terms

Dig Deeper on Risk management and compliance

How to perform a cybersecurity risk assessment, step by step

5 steps to determine residual risk during the assessment process

pure risk (absolute risk)

Acquiring cybersecurity insurance: Why collaboration is key