Portion of risk remaining after security measures have been applied.
The potential for the occurrence of an adverse event after adjusting for the impact of all in-place safeguards. (See Total Risk, Acceptable Risk, and Minimum Level of Protection.)
The remaining, potential risk after all IT security measures are applied. There is a residual risk associated with each threat.