The amount of risk that remains after all security measures and controls have been applied. It represents the potential for harm, loss, or disruption even after all mitigations have been taken into account. Understanding and managing residual risk is a key part of any risk management strategy, as it helps determine whether additional measures are necessary or whether the remaining risk is acceptable.