How do you calculate residual risk?
A.
Threat x risk x asset value
B.
(Threat x asset value x vulnerability) x risks
C.
SLE x frequency = ALE
D.
(Threats x vulnerability x asset value) x controls gap
Explanation:
The equation is more conceptual than it is practical. It is hard to
assign a number to a vulnerability and a threat individually. What this equation is
saying is look at the potential loss to a specific asset and look at the controls
gap, which means what the specific countermeasure cannot protect against. What is
left is the residual risk. Residual risk is what is left over after a countermeasure
is implemented.