Please read the Document attached:
The Questions:
List and describe the required tools needed for an effective assessment. What are some common mistakes and errors that occur when preparing for a security assessment?
Describe in depth the role in which organizational risk tolerance plays in relation to systems under assessment.
Identify and describe what threat agents should be avoided in preparation for an assessment. How do we effectively screen out irrelevant threats and attacks in this preparation?
Identify when to use architecture representation diagrams and communication flows. Define and illustrate when decomposing of architecture would be used. Provide an example of architecture risk assessment and threat modeling.