Hi All, The need of understanding cyber-security risk has been escalating. White House released an executive order on cybersecurity of federal networks and critical infrastructures underlining Cyber Risk Management. The link is here: https://www.whitehouse.gov/the-press-office/2017/05/11/presidential-executive-order-strengthening-cybersecurity-federal NSA funds academia to develop a curriculum cybersecurity, cyber risk management, critical infrastructures, and so on. ODU EMSE department has been awarded NSA grant to develop a Cybersecurity Risk Management curriculum. To understand better the risk of cyber-security, there are some questions need to be addressed. I will share the questions on this forum to get insight from industry and government employees. Question1: How well is the human component of cybersecurity risk understood? What are current and future practices to embed human elements to assess the cybersecurity risk?