Definition

residual risk

Contributor(s): Fran Sales

Residual risk is the threat that remains after all efforts to identify and eliminate risk have been made.

There are four basic ways of dealing with risk: reduce it, avoid it, accept it or transfer it. Since residual risk is unknown, many organizations choose to either accept residual risk or transfer it -- for example, by purchasing insurance to transfer the risk to an insurance company.

When addressing residual risk, organizations should:

Identify relevant governance, risk and compliance (GRC) requirements.
Determine the organization's control framework's strengths and weaknesses.
Acknowledge existing risks.
Define the organization's risk appetite.
Identify available options for offsetting unacceptable residual risks.

This was last updated in April 2014

Continue Reading About residual risk

Review five steps to identifying residual risk in the risk assessment process

Learn the operational and compliance risks associated with outsourcing

Read this ISO27k FAQ for common questions regarding risk assessment and management

Watch this video on how to be more proactive in your risk assessments

Check out the Information Security Handbook's residual risk formula

Dig Deeper on Risk management and compliance

SearchCIO

An introduction to intelligent document processing for CIOs

With IDP, enterprises can bring documents into automation workflows, which can help reduce document processing time and save on ...

Why CIOs need to establish an automation CoE

With organizations continuing to automate business processes across several departments at a rapid pace, it's time they consider ...

Is your company's IT governance strategy cloud ready?

As companies prepare to migrate to the cloud, they need to review their IT governance strategy before making any decisions to ...

SearchHealthIT

VA CIO: COVID-19 has accelerated digital projects

In this Q&A, VA CIO James Gfrerer describes how the COVID-19 pandemic has changed his priorities for and his approach to digital ...

VA prepares for its first Cerner EHR launch

After months of delays, a sizable cost inflation and in the midst of a pandemic, the U.S. Department of Veterans Affairs is ready...

Nvidia brings federated learning to COVID-19 patient data

Researchers from 20 healthcare institutions built an AI model to predict the supplemental oxygen needs for COVID-19 patients. And...

SearchCloudComputing

Microsoft's SpaceX partnership sends Azure to the final frontier

Microsoft has partnered with SpaceX to tie Azure to low-orbiting satellites. The company also introduced a modular data center to...

How to design and implement a cloud governance framework

An organization that wants to control its cloud environment should look closely at how well it adheres to these four key pillars ...

AWS Outposts: What you need to know to get started

AWS Outposts is a managed device that brings Amazon cloud services into your data center. Review its requirements, use cases and ...

SearchDataCenter

IBM cloud revenues climb as hardware continues to decline

IBM cloud revenues continue to increase as hardware sales drop, sharpening the company's strategy to focus on hybrid cloud.

Figure out the differences of asset management vs. CMDB

There is no shortage of software options for change management tools. Operational goals can help IT teams decide if ITAM or CMDB ...

IBM partners with HBCUs to promote quantum computing

IBM is partnering with a group of historically Black colleges and universities to set up a quantum computing center in hopes of ...

SearchDataManagement

Growing enterprise benefits of augmented data management

Gartner predicts plenty of growth in the booming augmented data management market, which helps data professionals focus on ...

MongoDB Atlas now enables multi-cloud database clusters

Multi-cloud data portability comes to MongoDB Atlas with a new capability that will enable users to run a database application ...

How AI data privacy can help your enterprise

Enterprises benefit in many ways from AI data privacy tools that reduce the need for manual efforts from data professionals. Read...

SearchSecurity

Why SASE should be viewed as an evolution, not revolution

The hype around secure access service edge (SASE) is palpable. But by taking a step back, security leaders can align an emerging ...

The 5 principles of zero-trust security

Zero trust is a journey, not a destination. Ensure your corporate network is safe from internal and external threats by ...

Iranian hackers pose as far-right group to threaten U.S. voters

The FBI said Russia and Iran have obtained voter information, and Iranian hackers have also been sending threatening emails to ...

residual risk

Continue Reading About residual risk

Dig Deeper on Risk management and compliance

5 steps to determine residual risk during the assessment process

electronic protected health information (ePHI)

pure risk (absolute risk)

Acquiring cybersecurity insurance: Why collaboration is key

Start the conversation

0 comments

Please create a username to comment.

SearchCIO

An introduction to intelligent document processing for CIOs

Why CIOs need to establish an automation CoE

Is your company's IT governance strategy cloud ready?

SearchHealthIT

VA CIO: COVID-19 has accelerated digital projects

VA prepares for its first Cerner EHR launch

Nvidia brings federated learning to COVID-19 patient data

SearchCloudComputing

Microsoft's SpaceX partnership sends Azure to the final frontier

How to design and implement a cloud governance framework

AWS Outposts: What you need to know to get started

SearchDataCenter

IBM cloud revenues climb as hardware continues to decline

Figure out the differences of asset management vs. CMDB

IBM partners with HBCUs to promote quantum computing

SearchDataManagement

Growing enterprise benefits of augmented data management

MongoDB Atlas now enables multi-cloud database clusters

How AI data privacy can help your enterprise

SearchSecurity

Why SASE should be viewed as an evolution, not revolution

The 5 principles of zero-trust security

Iranian hackers pose as far-right group to threaten U.S. voters

Continue Reading About residual risk

Related Terms

Dig Deeper on Risk management and compliance

5 steps to determine residual risk during the assessment process

electronic protected health information (ePHI)

pure risk (absolute risk)

Acquiring cybersecurity insurance: Why collaboration is key

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.