Unraveling the establishment of residual risk in cybersecurity

Abstract

This paper addresses the background, concepts, related variables, and current problems related to the calculation of Residual Risk (RR) in cybersecurity management systems. The objective of this paper is to clarify the concept of residual risk and identify the main problems that prevent the establishment of an adequate residual risk calculation at the organizational level and to provide possible solutions to this problem that will serve as a starting point for both practitioners and researchers in measuring the effectiveness of the countermeasures applied.