1. Who is responsible for risk management in an organization?
2. Which community of interest usually takes the lead in information asset risk management?
3. Which community of interest usually provides the resources used when undertaking information asset risk management?
4. In risk management strategies, why must periodic reviews be a part of the process?