Residual Risk: Any risk still remaining after the counter measures are analyzed and implemented is
called Residual Risk. An organization‘s management of risk should consider these two areas:
acceptance of residual risk and selection of safeguards. Even when safeguards are applied, there is probably going to be some residual risk. The risk can be minimized, but it can seldom be eliminated. Residual risk must be kept at a minimal, acceptable level. As long as it is kept at an acceptable level, (i.e. the likelihood of the event occurring or the severity of the consequence is sufficiently reduced) the risk can be considered as managed.