This document outlines a 4 step process for conducting a risk assessment. The steps include: 1) identifying risks, 2) analyzing risks, 3) prioritizing risks, and 4) monitoring risks. Key activities within each step are identifying threats and vulnerabilities, determining the impact and likelihood of risks, prioritizing higher level risks, and regularly reassessing risks.