residual risk [English]
n. ~ A level of risk that remains after factoring in efforts to reduce its likelihood or impact through risk mitigation.
- Information Security Handbook 2009. (†485 ): The risk that remains after controls are taken into account (the net risk or risk after controls). . . . Residual Risk = Cost × Threat × Vulnerability.
- Wikipedia (†387 s.v. residual risk): The risk or danger of an action or event, a method or a (technical) process that, although being abreast with science, still conceives these dangers, even if all theoretically possible safety measures would be applied (scientifically conceivable measures). The formula to calculate residual risk is (inherent risk) x (control risk) where inherent risk is (threats × vulnerability).