How would you conduct a risk assessment for a new security control or architecture change at T-Mobile?