SRA and ISO31000
There are many ways to conduct a Security Risk Assessment (SRA). The graphics below are adapted from ISO31000:2018 Risk Management Standard to give some additional guidance and a slightly different approach.
This graphic illustrates one example of how to consider threat and criticality in the context of a security risk assessment. It is similar to the process used in SECTARA where you will also find several articles on security risk management and assessment.