
Information Security Risk Assessment Basics ◾ 33
© 2011 by Taylor & Francis Group, LLC
organization. Safeguard recommendations are key to the results of a security risk
assessment and must be carefully considered (see Table2.5).
2.5.2 Residual Security Risk
Residual security risk is the security risk that remains after implementation of rec-
ommended safeguards. e objective of security risk management is to accurately
measure the residual security risk and keep it to a level at or below the security risk
tolerance level.
Residual security risk is an important element of information security risk
assessments for several reasons. First ...