Implementing a Security Assessment and Authorization Process