
Security Risk Assessment Project Management ◾ 429
© 2011 by Taylor & Francis Group, LLC
it. If not, for now, just use 10 percent for both hours and calendar time. If the
deviations from the project are caught soon enough or are small enough, you
can basically make an adjustment without aecting the nal deliverable or the
bottom line.
SIDEBAR 12.3 Keys to Ensuring Project Success
This book is filled with practical approaches for performing a security risk assessment. This view-
point, however, is mostly from the perspective of the information security engineer performing
the security risk assessment. It is the organization management, and not ...