If we don’t have a complete understanding of the security risks to our organization’s information assets, we won’t be able to properly allocate resources to protect them. During the risk assessment process we will also determine the value of information assets. By performing risk assessment you will determine the value of categories of information and the value of the systems that contain that information.