The foundation and most important process for a security risk assessment is identifying the project scope, meaning what is it that you will be assessing, where you will do this, and how you will measure the security systems and processes. The project scope sets the tone and the intent for the project and provides a clear path from the beginning to end. The project manager must be able to monitor the progress along the way and measure the results upon completion. We will walk you through the process of determining the measurement standards and key points of the project’s scope to ensure that you have a solid plan, and this chapter will give you the information to be successful.