ABSTRACT

A security risk assessment project can mean many things to many people. If the security risk assessment team and the security risk assessment consumer (or other stakeholders) do not share a common understanding of what the project means, it is rather difficult to ensure a successful project. Defining a security risk assessment project requires knowledge of the budget, objective, scope, and expected level of rigor of the analysis. Each of these areas is discussed in this chapter, which is dedicated to reviewing how to ensure a successful security risk assessment project. The customer of a security risk assessment includes the “sponsor” of the security risk assessment and additional stakeholders within the assessed organization. The entire security risk assessment team must understand the importance of both the real quality of the work and the perceived quality of the work as reflected by the document.