Residual Risk

From FISMApedia
(Redirected from Residual risk)
Jump to: navigation, search

CNSSI 4009

Portion of risk remaining after security measures have been applied.

NIST SP 800-16

The potential for the occurrence of an adverse event after adjusting for the impact of all in-place safeguards. (See Total Risk, Acceptable Risk, and Minimum Level of Protection.)

NIST SP 800-33

The remaining, potential risk after all IT security measures are applied. There is a residual risk associated with each threat.