2. Drawing from your professional and/or academic experience, what role does non-technical reviews play during a risk assessment? What would have to be reviewed? Why the importance?
3. Discuss why you believe a threat assessment is needed prior to a risk assessment. What role does the threat assessment play?
4. What are countermeasures? Are they technical in nature, or non-technical as well?
5. What key role those a cost-benefit analysis play? How is it used?