Secure Software Lifecycle Professional – CSSLP – Question059

You work as a project manager for BlueWell Inc. You with your team are using a method or a (technical) process that conceives the risks even if all theoretically possible safety measures would be applied. One of your team member wants to know that what is a residual risk. What will you reply to your team member?

A.
It is a risk that remains because no risk response is taken.
B. It is a risk that can not be addressed by a risk response.
C. It is a risk that will remain no matter what type of risk response is offered.
D. It is a risk that remains after planned risk responses are taken.

Correct Answer: D

Explanation:

Explanation: Residual risks are generally smaller risks that remain in the project after larger risks have been addressed. The residual risk is the risk or danger of an action or an event, a method or a (technical) process that still conceives these dangers even if all theoretically possible safety measures would be applied. The formula to calculate residual risk is (inherent risk) x (control risk) where inherent risk is (threats vulnerability). Answer: B is incorrect. This is not a valid statement about residual risks. Answer: C is incorrect. This is not a valid statement about residual risks. Answer: A is incorrect. This is not a valid statement about residual risks.