The risk that remains after risk treatment is known as:


The risk that remains after risk treatment is termed "residual risk." This concept is pivotal in risk management, particularly within the context of ISO/IEC 27001, which focuses on an organization's information security management system (ISMS).

Residual risk reflects the amount of risk that an organization is willing to accept after implementing controls or other mitigation measures. Risk treatment involves identifying potential risks, assessing their likelihood and impact, and applying controls to reduce them. Even once those controls are in place, some level of risk usually cannot be eliminated entirely; this remaining risk is what is designated as residual risk. Organizations must understand their residual risk because it informs risk acceptance decisions and wider decision-making.

Identifying and documenting residual risk helps organizations manage and monitor their risk exposure continuously, keeping them aligned with ISO/IEC 27001, which requires ongoing risk assessment and treatment as part of an effective ISMS.

Other terms such as inherent risk, treated risk, and accepted risk describe different concepts within the risk management framework, but none refers specifically to the risk left over after treatment measures have been applied. Inherent risk is the overall level of risk in the absence of controls, treated risk refers
