Definition

residual risk

Contributor(s): Fran Sales

Residual risk is the threat that remains after all efforts to identify and eliminate risk have been made.

There are four basic ways of dealing with risk: reduce it, avoid it, accept it or transfer it. Since residual risk is unknown, many organizations choose to either accept residual risk or transfer it -- for example, by purchasing insurance to transfer the risk to an insurance company.

When addressing residual risk, organizations should:

Identify relevant governance, risk and compliance (GRC) requirements.
Determine the organization's control framework's strengths and weaknesses.
Acknowledge existing risks.
Define the organization's risk appetite.
Identify available options for offsetting unacceptable residual risks.

This was last updated in April 2014

Continue Reading About residual risk

Review five steps to identifying residual risk in the risk assessment process

Learn the operational and compliance risks associated with outsourcing

Read this ISO27k FAQ for common questions regarding risk assessment and management

Watch this video on how to be more proactive in your risk assessments

Check out the Information Security Handbook's residual risk formula

Dig Deeper on Risk management and compliance

pure risk (absolute risk) Pure risk, also called absolute risk, is a category of threat that is beyond human control and has only one possible outcome if it occurs: loss.

Acquiring cybersecurity insurance: Why collaboration is key Cybersecurity insurance is becoming more important to enterprises as threats increase. Sean Martin explains why enterprise departments need to work together to acquire it.

What do CFOs need to know about customer data security? With cyberattacks a growing concern for many companies, the CFO must take a leadership role in securing organizational and customer data. Here's how to start.

Improve SDN security with a proper risk management plan Enterprise SDN controllers can be vulnerable to attacks, but a proper risk management plan can improve SDN controller security. Judith Myerson explains how to get started.

Fast Guide: Enterprise risk An enterprise risk is any potential event that could threaten an organization's ability to achieve its financial goals; long term, a risk can be a threat to sustainability. In a business context, risks are broadly categorized as either internal or external, or whether or not they are controllable by the organization. See our guide to types of enterprise risk.

Six steps to build an effective enterprise risk management program Follow these six steps to develop an enterprise risk management program that maps risks and establishes countermeasures.

SearchCIO

Don't let edge computing security concerns derail your plans

Security concerns give many IT organizations pause when considering edge computing. But the potential problems can be overcome ...

Risk-based digital identity benefits CIOs, CMOs and customers

Asking customers to reaffirm their digital identities by sharing private information undermines CX and data security. Instead, ...

Agile practices endure and continue to adapt

As the 20th anniversary of the Agile Manifesto approaches, Agile practices remain vital to software development and are being ...

SearchHealthIT

Google-Ascension deal reveals murky side of sharing health data

The Google-Ascension partnership is a 'PR failure' that demonstrates a need for greater transparency about what happens to ...

Digital transformation projects are an opportunity for healthcare CIOs

Geisinger Health System CIO John Kravitz gives advice on how healthcare CIOs can lead a digital transformation project within ...

Cloud-based security enables healthcare orgs to grow with the times

Cleveland Clinic's deputy CISO came to the 2019 CHIME Fall CIO Forum with a message: Migrating to the cloud won't be easy, but ...

SearchCloudComputing

Top 5 benefits of hybrid cloud

Why choose between public and private clouds when you can have both? With hybrid cloud, enterprises can address workload ...

AI-driven development trends shake up the cloud market

Enterprises are increasingly interested in AI, and cloud vendors are in a race to adapt their platforms to meet those needs. See ...

A primer on Alibaba Cloud for Western enterprises

When Western cloud users think of major cloud providers, it's typically the top three: AWS, Google Cloud Platform and Microsoft ...

SearchDataCenter

Understand top public cloud repatriation use cases

Cloud technology can pose billing, management and compliance issues. Here are five reasons why repatriating cloud workloads back ...

Microsoft quantum development turns toward hardware

Microsoft revealed plans to jump into the quantum hardware business with a chip capable of running quantum software.

Top 5 options for Linux certifications

Are you ready to expand your Linux knowledge? Here's a look at the latest courses, training content and exams available from ...

SearchDataManagement

CockroachDB 19.2 improves distributed database performance

New release of CockroachDB cloud-native distributed database platform helps to reduce latency; it also gets enhanced data backup ...

Redis Labs eases database management with RedisInsight

Based on the open source RDBTools project, Redis Labs' new tool gives database administrators a stable graphical user interface ...

How AI could save the enterprise data catalog

Enterprise data catalogs record all the databases and files in a corporation, but sometimes it can become out of date. Advances ...

SearchSecurity

Use network traffic analysis to detect next-gen threats

Network traffic analysis, network detection and response -- whichever term you prefer, the technology is critical to detecting ...

Check Point: Qualcomm TrustZone flaws could be 'game over'

Researchers discovered vulnerabilities in Qualcomm TrustZone that Check Point says could lead to 'unprecedented access' because ...

InfoTrax settles FTC complaint, will implement infosec program

InfoTrax settled an FTC complaint over an extensive data breach that lasted two years. Now, it can no longer collect any personal...

residual risk

Continue Reading About residual risk

Dig Deeper on Risk management and compliance

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

SearchCIO

Don't let edge computing security concerns derail your plans

Risk-based digital identity benefits CIOs, CMOs and customers

Agile practices endure and continue to adapt

SearchHealthIT

Google-Ascension deal reveals murky side of sharing health data

Digital transformation projects are an opportunity for healthcare CIOs

Cloud-based security enables healthcare orgs to grow with the times

SearchCloudComputing

Top 5 benefits of hybrid cloud

AI-driven development trends shake up the cloud market

A primer on Alibaba Cloud for Western enterprises

SearchDataCenter

Understand top public cloud repatriation use cases

Microsoft quantum development turns toward hardware

Top 5 options for Linux certifications

SearchDataManagement

CockroachDB 19.2 improves distributed database performance

Redis Labs eases database management with RedisInsight

How AI could save the enterprise data catalog

SearchSecurity

Use network traffic analysis to detect next-gen threats

Check Point: Qualcomm TrustZone flaws could be 'game over'

InfoTrax settles FTC complaint, will implement infosec program

Continue Reading About residual risk

Related Terms

Dig Deeper on Risk management and compliance

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.

File Extensions and File Formats