How to calculate residual risk
Answer: Residual risk is the level of risk once you apply the controls - for example, if you had a risk that had a value of 9, and you applied controls so that impact and likelihood have decreased, then the level of residual risk could be e.g. 5.
By the way, usually the risks do not cause other risks - it is the threats and vulnerabilities that cause risks - see also this article: ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
This article is also helpful: Why is residual risk so important? https://advisera.com/27001academy/knowledgebase/why-is-residual-risk-so-important/
Oct 20, 2016