Information Security Officer Question:

Do you know what residual risk is?


Answer:

I’m going to let Ed Norton answer this one: “A new car built by my company leaves somewhere traveling at 60 mph. The rear differential locks up. The car crashes and burns with everyone trapped inside. Now, should we initiate a recall? Take the number of vehicles in the field, A, multiply by the probable rate of failure, B, multiply by the average out-of-court settlement, C. A times B times C equals X. If X is less than the cost of a recall, we don’t do one.” Residual risk is what is left over after you have performed everything that is cost-effective to increase security; going further than that is a waste of resources. Residual risk is what the company is willing to live with as a gamble, in the hope that it won’t happen.
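The decision rule in the answer (expected loss X = A × B × C, apply a control only while its cost is below the loss it removes, and call whatever is left residual risk) can be written down as a small risk-register calculation. The following is an added example, not part of the original answer or the site's material; the risk, the three controls and all the numbers are constructed, and the model assumes each control removes a fixed fraction of the loss that is still remaining when it is applied.

```python
# Added example: cost-benefit control selection and the residual risk it leaves.
# The risk, controls and figures below are constructed for illustration.
from dataclasses import dataclass, field


@dataclass
class Control:
    name: str
    annual_cost: float  # cost per year to run the control
    reduction: float    # fraction of the *remaining* expected loss it removes (0..1)


@dataclass
class Risk:
    name: str
    exposure: int           # A: number of exposed units (vehicles, hosts, accounts)
    failure_rate: float     # B: probable annual rate of loss events per unit
    loss_per_event: float   # C: average cost of one event (settlement, breach cost)
    controls: list = field(default_factory=list)

    def expected_annual_loss(self) -> float:
        # X = A * B * C, the figure from the quoted recall formula
        return self.exposure * self.failure_rate * self.loss_per_event


def select_controls(risk: Risk):
    """Greedily apply the control with the best net benefit while it still
    pays for itself. Returns (names of applied controls, residual expected loss).
    Assumption: reductions compound on the loss remaining at the time of selection."""
    remaining = risk.expected_annual_loss()
    applied = []
    candidates = list(risk.controls)  # copy so the register is not mutated
    while candidates:
        best = max(candidates, key=lambda c: c.reduction * remaining - c.annual_cost)
        net_benefit = best.reduction * remaining - best.annual_cost
        if net_benefit <= 0:
            # Nothing left is cost-effective: what remains is the residual risk
            # the organisation accepts (or transfers, or tolerates) knowingly.
            break
        applied.append(best.name)
        remaining -= best.reduction * remaining
        candidates.remove(best)
    return applied, remaining


# Constructed register entry: 10,000 units, 0.1% annual failure rate, $50k per event.
SAMPLE_RISK = Risk(
    name="rear differential lock-up",
    exposure=10_000,
    failure_rate=0.001,
    loss_per_event=50_000.0,
    controls=[
        Control("recall", annual_cost=2_000_000.0, reduction=0.95),
        Control("firmware_update", annual_cost=150_000.0, reduction=0.60),
        Control("owner_notice", annual_cost=25_000.0, reduction=0.10),
    ],
)

if __name__ == "__main__":
    inherent = SAMPLE_RISK.expected_annual_loss()
    chosen, residual = select_controls(SAMPLE_RISK)
    print(f"inherent expected annual loss: {inherent:,.0f}")
    print(f"controls applied: {chosen}")
    print(f"residual expected annual loss: {residual:,.0f}")
```

With these constructed figures the inherent expected loss is 500,000; the firmware update is applied because it removes 300,000 of loss for 150,000, after which neither the recall nor the owner notice removes more loss than it costs, so 200,000 is carried as residual risk. The same structure works for any risk register entry; changing the numbers (for instance a much larger loss per event) changes which controls clear the bar, which is exactly the argument an analyst makes when asking for budget.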
