The basic process of information security risk assessment is mainly divided into:
Risk assessment preparation process
2. Asset appraisal process?
3. Threat identification process?
4. Vulnerability identification process?
5. Risk analysis process?
The concept of information security risk assessment involves four main factors: assets, threats, vulnerability and risks.
I hope I can help you, thank you!