Residual Risk

Residual Risk definition in Computer Security terms:

Acronym(s): None

Definition(s): Portion of risk remaining after security measures have been applied.
Source(s): CNSSI 4009-2015 (Adapted from NIST SP 800-33); NIST SP 800-30 (CNSSI 4009)

The potential for the occurrence of an adverse event after adjusting for the impact of all in-place safeguards. (See Total Risk, Acceptable Risk, and Minimum Level of Protection.)
Source(s): NIST SP 800-16

The remaining potential risk after all IT security measures are applied. There is a residual risk associated with each threat.
Source(s): NIST SP 800-64 Rev. 2 (NIST SP 800-33)

The remaining, potential risk after all IT security measures are applied. There is a residual risk associated with each threat.
Source(s): NIST SP 800-33

Synonym(s): None


reference: CSRC Glossary