Which of the following statements is true about residual risks?

A.
It is a weakness or lack of safeguard that can be exploited by a threat.

B.
It can be considered as an indicator of threats coupled with vulnerability.

C.
It is the probabilistic risk after implementing all security measures.

D.
It is the probabilistic risk before implementing all security measures.

Explanation:

Residual risk is the risk that remains from an action, event, method or (technical) process even after all theoretically possible safety measures have been applied. The formula used to calculate residual risk is (inherent risk) x (control risk), where inherent risk is (threats x vulnerability).

Answer option B is incorrect. In information security, security risk (not residual risk) is considered an indicator of threats coupled with vulnerability. In other words, security risk is a probabilistic function of a given threat agent exercising a particular vulnerability and the impact of that exercise on the organization. Security risks can be mitigated by reviewing them and taking appropriate action based on the possible risks.

Answer option A is incorrect. Vulnerability is a weakness or lack of safeguard that can be exploited by a threat, thus causing harm to information systems or networks. It can exist in hardware, operating systems, firmware, applications, and configuration files. Vulnerability has been variously defined in the current context as follows:

1. A security weakness in a Target of Evaluation due to failures in analysis, design, implementation, or operation, and the like.
2. A weakness in an information system or its components (e.g. system security procedures, hardware design, or internal controls) that could be exploited to produce an information-related misfortune.
3. The existence of a weakness, design error, or implementation error that can lead to an unexpected, undesirable event compromising the security of the system, network, application, or protocol involved.
