Information Security Officer Question:
Download Job Interview Questions and Answers PDF
Do you know what is residual risk?
Answer:
I’m going to let Ed Norton answer this one: “A new car built by my company leaves somewhere traveling at 60 mph. The rear differential locks up. The car crashes and burns with everyone trapped inside. Now, should we initiate a recall? Take the number of vehicles in the field, A, multiply by the probable rate of failure, B, multiply by the average out-of-court settlement, C. A times B times C equals X. If X is less than the cost of a recall, we don’t do one.” Residual Risk is what is left over after you perform everything that is cost-effective to increase security, but to go further than that is a waste of resources. Residual risk is what the company is willing to live with as a gamble in the hopes that it won’t happen.
Download Information Security Professional Interview Questions And Answers
PDF