This document outlines the process of IT security risk assessment. It discusses key terminology like assets, threats, vulnerabilities, and risks. It then describes different approaches to security risk assessment like baseline, informal, formal, and combined. The detailed risk analysis process is also explained including steps like asset identification, threat identification, vulnerability identification, risk analysis, likelihood determination, impact analysis, risk determination, and control recommendations. Specific examples are provided to illustrate each step of the risk assessment process.