Your company completes a risk analysis. After the analysis, management requests that you deploy security controls that will mitigate any of the identified risks. Management indicates that there is an expected level of residual risk that they expect. What is residual risk?

A. risk that is left over after safeguards have been implemented
B. terminating the activity that causes a risk or choosing an alternative that is not as risky
C. passing the risk on to a third party
D. defining the acceptable risk level the organization can tolerate and reducing the risk to that level


A
Explanation: Residual risk is risk that is left over after safeguards have been implemented.
Risk avoidance is terminating the activity that causes a risk or choosing an alternative that is not as risky. Risk transfer is passing the risk on to a third party. Risk mitigation is defining the acceptable risk level the organization can tolerate and reducing the risk to that level.

Computer Science & Information Technology

You might also like to view...

For each of the following scenarios, which is the most appropriate interviewing technique. Give a rationale for each answer.

What will be an ideal response?

Computer Science & Information Technology

A primary key can be a combination of several fields

Indicate whether the statement is true or false

Computer Science & Information Technology

When the Clipboard pane is open, the most recent cut or copy appears at the bottom of the pane

Indicate whether the statement is true or false

Computer Science & Information Technology

The word processing software included with Office 2016 is called Pages

Indicate whether the statement is true or false

Computer Science & Information Technology