Risk assessment is the first process in any information security risk management program. Risk assessments are used to identify, estimate and prioritize risks to organizational operations and assets resulting from the operation and use of information systems and the appropriate controls for reducing or eliminating these identified risks.
