A risk assessment is an organization's review of potential threats to its computers and network and
the probability of those threats occurring. Its goal is to identify investments in time and resources
that can best protect the organization from its most likely and serious threats.