This document discusses security architecture risk assessment and asks four questions: when should the architect begin analysis, what activities the architect must execute, what knowledge domains are applied to analysis, and what tips can make the assessment easier.