Information Security Risk Assessment is the process used to
identify and understand risks to the confidentiality, integrity,
and availability of information and information systems. In its
simplest form, a risk assessment consists of the identification and
valuation of assets and an analysis of those assets in relation to
potential threats and vulnerabilities, resulting in a ranking of
risks to mitigate. The resulting information should be used to
develop strategies to mitigate those risks.
