How frequently should such an exercise take place during a project? After a system is deployed?  Do you think they missed any EXTREME risks? For the risk “students can’t get their passwords …” the...

How frequently should such an exercise take place during a project? After a system is deployed?  Do you think they missed any EXTREME risks? For the risk “students can’t get their passwords …” the team decided to allow proctors to access student passwords in order to assist students. What do you think of this response? What new security risk(s) might result from allowing proctors to access student accounts?