U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Computer Security Resource Center

Computer Security Resource Center

This is an archive
(replace .gov by .rip)
    Glossary
A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z

residual risk

Definition(s):

  Portion of risk remaining after security measures have been applied.
Source(s):
NIST SP 800-30 Rev. 1 under Residual Risk from CNSSI 4009
CNSSI 4009-2015 [Superseded] from NIST SP 800-33 - Adapted

  Risk remaining after risk treatment.
Source(s):
NIST SP 800-160 Vol. 1 from ISO Guide 73

  the potential for the occurrence of an adverse event after adjusting for theimpact of all in-place safeguards. (See Total Risk, Acceptable Risk, and Minimum Level of Protection.)
Source(s):
NIST SP 800-16 under Residual Risk

  Portion of risk remaining after controls/countermeasures have been applied.
Source(s):
NIST SP 800-161r1 from NIST SP 800-16 - adapted

  Risk that remains after risk responses have been documented and performed.
Source(s):
NISTIR 8286 under Residual Risk

  The remaining, potential risk after all IT security measures are applied. There is a residual risk associated with each threat.
Source(s):
NIST SP 800-33 [Withdrawn]