I did a delay risks analysis and then It's difficult for me to define residual risk management
Answer:
Basically there are 3 options for the residual risk management:
a.- If the level of risk is below the acceptable level of risk, everything is ok, so you do nothing
b.- If the level of risk is above, you need to find out some new way to mitigate the risk
c.- If the level of risk is above, but the organization cannot assume the costs related to the mitigation of the risk, the risk need to be accepted.
This article can be interesting for you Why is residual risk so important? : https://advisera.com/27001academy/knowledgebase/why-is-residual-risk-so-important/
Comment as guest or Sign in
Jan 13, 2016