Risk assessment Rolf Sture Normann CISA, CRISC, 27001 Lead implementer Secretary for information security in HE Norway, UNINETT.