residual risk

A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

Definition(s):

  Portion of risk remaining after security measures have been applied.
Source(s):
NIST SP 800-30 Rev. 1 under Residual Risk from CNSSI 4009
CNSSI 4009-2015 [Superseded] from NIST SP 800-33 - Adapted

  Risk remaining after risk treatment.
Source(s):
NIST SP 800-160 Vol. 1 from ISO Guide 73

  the potential for the occurrence of an adverse event after adjusting for theimpact of all in-place safeguards. (See Total Risk, Acceptable Risk, and Minimum Level of Protection.)
Source(s):
NIST SP 800-16 under Residual Risk

  Portion of risk remaining after controls/countermeasures have been applied.
Source(s):
NIST SP 800-161r1 from NIST SP 800-16 - adapted

  Risk that remains after risk responses have been documented and performed.
Source(s):
NISTIR 8286 under Residual Risk

  The remaining, potential risk after all IT security measures are applied. There is a residual risk associated with each threat.
Source(s):
NIST SP 800-33 [Withdrawn]

Glossary Comments

Comments about specific definitions should be sent to the authors of the linked Source publication. For NIST publications, an email is usually found within the document.

Comments about the glossary's presentation and functionality should be sent to secglossary@nist.gov.

See NISTIR 7298 Rev. 3 for additional details.

Information Technology Laboratory

Computer Security Resource Center

Computer Security Resource Center

residual risk

Glossary Comments