Information Security Officer Question:

Do you know what residual risk is?

Answer:

I’m going to let Ed Norton answer this one: “A new car built by my company leaves somewhere traveling at 60 mph. The rear differential locks up. The car crashes and burns with everyone trapped inside. Now, should we initiate a recall? Take the number of vehicles in the field, A, multiply by the probable rate of failure, B, multiply by the average out-of-court settlement, C. A times B times C equals X. If X is less than the cost of a recall, we don’t do one.” Residual risk is what remains after you have applied every control that is cost-effective at improving security; going further than that is a waste of resources. Residual risk is the exposure the company is willing to accept, gambling that the loss event won’t happen.
