A key part of designing a security strategy involves risk assessment. Our tolerance to risk determines what provisions need to be in place to keep our risk at a manageable level. What is the process to determine an acceptable level of risk and how do we determine what security aspects need to be put in place?