LOGBOOK

HELP

Quiz Entry - updated: 2026.06.20

What should happen to residual risks after threat modeling?

Escalate them to management to decide whether the unmitigated threat is acceptable — accepting risk is a business call, not a developer's.

Residual risks (threats you can't fully mitigate) should be escalated for management review to determine if the unmitigated threat is acceptable to the project as a whole.

Benefits of threat modeling for the whole team:

  • Raised awareness of design and implementation implications
  • Higher overall code quality
  • Greater management visibility of security controls

Key point: Security decisions about acceptable risk are business decisions, not just technical ones.

From Quiz: SPRG / Mitigation and Risk Analysis | Updated: Jun 20, 2026