Expert Advice Community

How to calculate residual risk

Guest user Created:   Oct 20, 2016 Last commented:   Oct 20, 2016

How do you calculate residual risk? I have a risk that causes two sub-risks. Will the value for the top-level risk be the sum of the two risks, or can the top-level risk have a value of its own?
Expert
Dejan Kosutic Oct 20, 2016

Answer: Residual risk is the level of risk once you apply the controls - for example, if you had a risk that had a value of 9, and you applied controls so that impact and likelihood have decreased, then the level of residual risk could be e.g. 5.

By the way, usually the risks do not cause other risks - it is the threats and vulnerabilities that cause risks - see also this article: ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/

This article is also helpful: Why is residual risk so important? https://advisera.com/27001academy/knowledgebase/why-is-residual-risk-so-important/
