There exist several Risk Assessment methods in addition to related ISO standards. This one from UK goverment contains also a worked example. It is worth to have a quick look.
Document “HMG IA Standard No.1 – Technical Risk Assessment – Issue 3.51, October 2009“.
It is on the CESG site. CESG is the UK Government’s National Technical Authority for Information Assurance (IA).
Other links to CESG IA are: