Your company or organization has determined that a comprehensive security risk assessment needs to be conducted. You are in charge of making sure it gets done. What do you do? (How will you assemble the team and who will comprise it? Will you do it in house or contract it out? How will you define the scope of their work? What methodology and techniques will you use for the assessment? How will you report your results - and to whom?)