DevOps Articles

Inherent Risk vs. Residual Risk (Quick Explanation) | UpGuard

Inherent risks include all risks that are present without any security controls. Residual risks are the risks that remain after security controls are implemented. Even with an abundance of security controls, vestiges of residual risks will remain that could expose your sensitive data to cyber attacks.This is because the proliferation of digital transformation expands the digital landscape, creating more attack vectors. Ironically, sometimes security controls introduce additional residual risks, known as secondary risks. Because residual risks are inexorable, their effective management involves the pursuit of the optimal balance between acceptable and unacceptable risks.