Page 103 - CISSO_Prep_ Guide
high-level overview of the audit and a detailed audit report that
includes the details of the findings and recommendations of the
auditor.
Summary of the Risk Chapter
Risk is an essential part of business today - whether that
business is government, military, commercial enterprise, or even
a not-for-profit endeavor. The management of that risk is one of
the primary responsibilities of the security professional. Risk
management starts with the careful, systematic assessment of
risk to the assets of the organization - based on the value of
assets, the types of threats, and the vulnerabilities associated
with operations.
Risk management then continues by determining the appropriate
response to the identified risk: the selection of controls, risk
acceptance, avoidance, or transference. Risk is not static and
therefore requires careful monitoring.