1. Discuss the various risk assessment methodologies that may be in use today. Is there one that stands out to you being more productive than others? If so, please discuss why.
2. Drawing from your professional and/or academic experience, what role does non-technical reviews play during a risk assessment? What would have to be reviewed? Why the importance?
3. Discuss why you believe a threat assessment is needed prior to a risk assessment. What role does the threat assessment play?
4. What are countermeasures? Are they technical in nature, or non-technical as well?
5. What key role those a cost-benefit analysis play? How is it used?