A Risk Assessment determines the likelihood and impact of a security breach in the organization’s critical business information. It involves studying and assessing the vulnerabilities and strengths of the information security, including the administrative, technical and physical elements.