Security Risk Assessment Guidance for SMEs

A small and medium-sized enterprise (SME) is preparing to conduct a security risk assessment to initiate a new domain within their organization. The poster is seeking advice on the procedure, process, and standards to follow, particularly among NIST, SANS, ISO, and CIS. They are also asking if anyone has personal experience in implementing a security risk assessment.