1. Discuss what is meant by “acceptable risk” in determining a risk management plan relating to critical infrastructure, and how the level of acceptable risk may differ among stakeholders.
2. What critical infrastructure protection-related decisions might a risk assessment support? (examples include protective measures, facilities placement, response capabilities, etc.)
3. How do the Government Accountability Office (GAO) and the 2013 National Infrastructure Protection Plan (NIPP) risk frameworks differ?
Risk Assessment Methodologies for Critical Infrastructure Protection Part 1: State of the Art. Retrieved from
Congressional Research Service. (2002, August 20). What Makes Infrastructure Critical? Retrieved from