Expert Advice Community


Example of risk and its corresponding residual risk

Guest user. Created: Dec 17, 2020. Last commented: Dec 17, 2020.


Could you kindly give me an example of a risk and its corresponding residual risk, so that it can be made clear to me?


Expert
Rhand Leal Dec 17, 2020

Considering the asset-threat-vulnerability approach, an example of a risk can be: as assets, any power-dependent equipment (e.g., servers, desktops, routers, etc.); as a threat, power failure; and as a vulnerability, lack of a power generator. For this scenario, you may have a likelihood of occurrence of 2 (on a scale of 0 to 2) and an impact also of 2 (on a scale of 0 to 2), with a total risk of 4 (sum of likelihood and impact).

In case you decide to use a power generator as a control to mitigate the risk, the likelihood of occurrence may decrease to 0, keeping the impact value at 2, and your residual risk would be 2.

These materials will provide you with further explanation about risk assessment and treatment:
- The basics of risk assessment and treatment according to ISO 27001 [free webinar] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
- Why is residual risk so important? https://advisera.com/27001academy/knowledgebase/why-is-residual-risk-so-important/

These materials will also help you regarding risk assessment and treatment:
- Diagram of ISO 27001:2013 Risk Assessment and Treatment process https://info.advisera.com/27001academy/free-download/diagram-of-iso-270012013-risk-assessment-and-treatment-process
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
