What is the term for the risk remaining after controls and countermeasures are implemented?

The term for the risk remaining after controls and countermeasures have been implemented is "residual." This concept is critical in risk management and security domains, as it acknowledges that even with effective controls, there will always be some level of risk that cannot be completely eliminated.

Residual risk represents the exposure that remains after all possible measures have been taken to minimize risk. Understanding residual risk helps organizations make informed decisions about whether to accept it, mitigate it further, or invest in additional controls. It is an essential aspect of risk assessment, ensuring that stakeholders are aware of the potential vulnerabilities that still exist despite the risk management strategies deployed.

The other options do not accurately describe the remaining risk after controls are applied. "High" does not specify a type of risk but rather indicates a level, "null" suggests there is no risk present which contradicts the scenario, and "pertinent" does not relate to risk measurement in this context. Thus, "residual" clearly stands out as the correct term to describe the risk that remains.