Cybersecurity risk assessment involves identifying critical assets, analyzing threat actors and attack vectors, evaluating existing security controls, and determining residual risk levels. Common methodologies include NIST 800-30, OCTAVE, and FAIR-based quantification approaches. Assessments typically result in prioritized recommendations and risk treatment plans. A healthcare provider conducting a cybersecurity risk assessment would inventory systems containing protected health information, evaluate threats like ransomware and insider access abuse, test controls such as encryption and access management, and produce a risk register prioritizing remediation based on likelihood and potential patient safety and privacy impacts.