Residual Risk (Definition)

The remaining risk associated with a possible event after all mitigation steps have been taken.

This is often contrasted with the inherent risk, the risk that exists before any risk mitigation controls have been applied.

See also:

You are welcome to use these definitions for any purpose provided that an acknowledgement is made
to www.RiskyThinking.com and (if you're using HTML) you provide a link back to this site.
If you are an industry professional, consider subscribing to the free Risky Thinking Newsletter for articles, insights, and commentary on risk, business continuity, and security. It's low volume: we don't send out the newsletter unless there is something interesting to say!

Errors or Omissions? Contact us and let us know!