The risk assessment is a first step to learning what type of security measures are needed to protect confidentiality, integrity, and availability of assets.