ABSTRACT

A security risk assessment is a project: an unusual project that requires a specific skill set and a specific set of activities, but a project nonetheless. This chapter discusses the fundamental elements of project management: planning, tracking, correction, and reporting. The success of a risk assessment project depends largely on the skill of the project manager and the quality of the project team. The effectiveness of the team members depends on their objectivity, their knowledge of the system under assessment, and their security risk assessment skills. Many arguments have been made for including internal resources on the security risk assessment team; these arguments point out that complex systems and security controls are best understood by those most familiar with them. However, internal resources added to the security risk assessment team tend to be biased and inexperienced in security risk assessment methods.