Your company completes a risk analysis. After the analysis, management requests that you deploy security controls that will mitigate any of the identified risks. Management indicates that there is an expected level of residual risk that they expect. What is residual risk?
A. risk that is left over after safeguards have been implemented
B. terminating the activity that causes a risk or choosing an alternative that is not as risky
C. passing the risk on to a third party
D. defining the acceptable risk level the organization can tolerate and reducing the risk to that level
A
Explanation: Residual risk is risk that is left over after safeguards have been implemented.
Risk avoidance is terminating the activity that causes a risk or choosing an alternative that is not as risky. Risk transfer is passing the risk on to a third party. Risk mitigation is defining the acceptable risk level the organization can tolerate and reducing the risk to that level.
You might also like to view...
For each of the following scenarios, which is the most appropriate interviewing technique. Give a rationale for each answer.
What will be an ideal response?
A primary key can be a combination of several fields
Indicate whether the statement is true or false
When the Clipboard pane is open, the most recent cut or copy appears at the bottom of the pane
Indicate whether the statement is true or false
The word processing software included with Office 2016 is called Pages
Indicate whether the statement is true or false