There are many different ways to assess the risks that might be in your environment and the resources that are available. One common thing you can do is a business impact analysis. You need to understand what resources assessment management group, you have in your environment, what services that you’re making available to other people, and the things that are important your organization. and then you need to think about the threats that are out there that might have an impact on those particular resources.
Need to consideration how likely some of these attacks might be you need to understand this threat be something that would be very easy to occur? Is this something we are having spam come in every day that might be phishing us? or, are these threats very uncommon threats the might be associated with operating system vulnerabilities? Then we need to think about if the machine was attacked and brought down and there was a problem, and that resource was no longer available, what is the impact of the organization? is this something that is going to create a major issue for us? if so, perhaps, we need to mitigate that with some other security devices.