Which of the following is the formula used to calculate the risk that remains after you apply controls? a. ALE=SLExARO b. Total Risk=Thrat X Vulnerability X Assest Value c. Residual Risk = Total Risk - Controls d. Risk=Threat X Vulnerability
In information security, the risk is also known as the capacity to take advantage of the vulnerabilities and the resource or group of assets, that harm the organization is described.
In the calculation of the total risk the three things is used that are "Threat, Vulnerability, and Asset".
These values are multiplied by each other, that's why except of "option b" all other choices are wrong.
