Tag: "residual risk" - Expert Advice Community


  • Residual Risk Calculations

    Hi, I understand that the Conformio software auto-calculates the residual risk after controls are added. So 2 questions:

    1. What is the recommended base for controls? Is more better, as in comprehensively covered, or the minimum to reduce the residual risk?

    2. Do we assume that the controls reduce the impact rating? I'm unsure of how that will happen. Can you please explain? For example - Desktop Computers > Downloads from internet not controlled > Infections with malicious software > Controls chosen are: A.5.7, A.5.10, A.5.17, A.5.24, A.5.25, A.5.26, A.5.27, A.5.28, A.5.37, A.6.1, A.6.2, A.6.3, A.6.4, A.6.8, A.8.7, A.8.19, A.8.21

    The residual risk is now 0 but I don't understand how the Impact is reduced to 0 with these. Please help.

    Thanks