The University of SydneyPage 20Orion Strategy Process–Activity 1–Acknowledgement of possible security vulnerability–Collect perceptions of the problem situation–No analysis is undertaken per se–Activity 2–Identify risks and current security situation–Draw a detailed picture of the current situation–Focus on the existing structures and processes–Review security reports–Study outcomes of traditional risk analysis