There exist several Risk Assessment methods in addition to related ISO standards. This one from UK goverment contains also a worked example. It is worth to have a quick look.
It is on the CESG site. CESG is the UK Government’s National Technical Authority for Information Assurance (IA).
Other links to CESG IA are: