U.S. Government Accountability Office: "Information Security Practices of Leading Organizations"
Read the introduction to this report. After you read, describe the recommended process for risk assessment including the different roles involved. Then, read each of the case studies. As you read, try to map these two case studies to the risk assessment processes in the introduction.