An information security risk assessment involves identifying and assessing risks to confidentiality, integrity and availability of information and information systems.
An information security risk assessment is used to understand the scale of a threat to the security of information and the probability for the threat to be realized.
The result of an information security risk assessment can be used to prioritize efforts to counteract the threats.