312-50V11 · Question #488
What kind of risk will remain even if all theoretically possible safety measures would be applied?
The correct answer is A. Residual risk. Residual risk is the risk that remains after all feasible controls and safeguards have been applied to an identified threat.
Question
What kind of risk will remain even if all theoretically possible safety measures would be applied?
Options
- AResidual risk
- BInherent risk
- CImpact risk
- DDeferred risk
How the community answered
(61 responses)- A95% (58)
- B3% (2)
- C2% (1)
Why each option
Residual risk is the risk that remains after all feasible controls and safeguards have been applied to an identified threat.
Residual risk is defined as the remaining level of risk after security controls have been applied to reduce inherent risk. Even with every theoretically possible safeguard in place, some level of uncertainty and exposure cannot be fully eliminated. Risk management frameworks like NIST SP 800-39 acknowledge that residual risk is accepted by organizational leadership after controls are implemented.
Inherent risk is the level of risk that exists before any controls are applied, not the risk that remains after controls are implemented.
Impact risk is not a standard term in recognized risk management frameworks and is not used to describe risk remaining after controls.
Deferred risk is not a standard risk classification in IT security or risk management frameworks.
Concept tested: Residual risk in security risk management
Source: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-39.pdf
Topics
Community Discussion
No community discussion yet for this question.