A risk assessment is an important part of any information security process and will help in assigning priorities for mitigating risk. Users should review the Risk Assessment Reference Tool before starting to plan any mitigation efforts.  (See the Risk Assessment Reference Tool.)