By identifying an organization’s risk areas, gaps in how it is addressing those risks and, ultimately, by providing recommended actions for closing those gaps, cybersecurity risk assessments have become a critical part of a robust cybersecurity program. With input from attorneys and technical consultants with experience conducting these audits, our two-part series takes a deep dive into the topic. Part one covers the scope and purpose of the assessment, the roles of internal stakeholders and third parties, and also examines what the risk assessment entails, including initial steps and the evaluation of technical, administrative and physical safeguards. Part two will offer details on what the written report looks like and how it is used, recommend actions for follow-up, and provide a discussion of common roadblocks and solutions. See also “How In-House Counsel, Management and the Board Can Collaborate to Manage Cyber Risks and Liability (Part One of Two)” (Jan. 20, 2016); Part Two (Feb. 3, 2016).