The document discusses risk assessment and outlines the process of assigning risk ratings to information assets. It describes how likelihood is estimated based on factors like historical data and organization attributes. It then discusses identifying possible controls and documenting the results of the risk assessment process in a worksheet that lists assets, vulnerabilities, and calculated risk-rating factors.