Many times, security practitioners have felt that their project was completed once they finished the security risk assessment report. However, that is just not so. In fact, once the report is completed and published, you are at the midpoint of the project. Your next step is to plan your remediation steps, form a team, implement changes, and monitor and measure the outcomes of those changes. This chapter will explain this phase of the project in detail, giving you enough information to complete the project and be able to measure your outcomes.