"A risk that remains after risk responses have been implemented." (Cynthia Stackpole, "PMP Certification All-in-One For Dummies", 2011)
"The remaining possibility and impact of a future uncertain event or condition after response to the original risk has been planned." (Bonnie Biafore & Teresa Stover, "Your Project Management Coach: Best Practices for Managing Projects in the Real World", 2012)
"The risk remaining after risk treatment." (David Sutton, "Information Risk Management: A practitioner’s guide", 2014)
"The risk that remains after implementing security controls to mitigate risk. Senior management is responsible for deciding what security controls to implement, and for any losses related to residual risk." (Darril Gibson, "Effective Help Desk Specialist Skills", 2014)
"Risk that remains after implementing a control. Threats × vulnerabilities × assets × (control gap) = residual risk." (Adam Gordon, "Official (ISC)2 Guide to the CISSP CBK" 4th Ed., 2015)
"Once all other risk treatment options have been explored, it is often the case that some (usually small) risk remains. It is normal to accept or tolerate this, since further treatment might either have no effect, or might be prohibitively expensive. Because residual risks are often very small, they are occasionally (incorrectly) overlooked." (David Sutton, "Information Risk Management: A practitioner’s guide", 2014)
"The risk remaining after risk treatment." (ISO 73:2009)
No comments:
Post a Comment