CERTIFIED-IN-CYBERSECURITY Question #330: Real Exam Question with Answer & Explanation
The correct answer is A: The risk that remains after all possible controls and countermeasures have been applied.
Question
In the context of the risk management process, what does the term 'residual risk' refer to?
Options
- A. The risk that remains after all possible controls and countermeasures have been applied
- B. The total elimination of risk within an organization
- C. The risks that are considered irrelevant or insignificant
- D. The risk associated with an organization's assets before any controls are implemented
Explanation
Residual risk is the risk that remains after all possible controls and countermeasures have been applied (see ISC2 Study Guide, Module 2, under Risk Treatment). Residual risk is an important concept in risk management, as it helps organizations understand the remaining level of risk they face after implementing their chosen controls and countermeasures, enabling them to make informed decisions about whether additional actions are necessary or if the remaining risk is acceptable. The risk associated with an organization's assets before any controls are implemented, the total elimination of risk within an organization, and the risks considered irrelevant or insignificant are all incorrect options, as none accurately describe the concept of