The article provides approaches to the information security threats assessment in the case when the owner of an information resource has the right to choose an approach to the assessment. The official website of the organization presented in the article is not an information system that implies a strict approach to information security threats assessment because the information system does not process personal data, state information resources and other similar data. To prepare the article, regulatory and methodological documents of the federal executive authorities of the Russian Federation, international standards were studied. As the basis, methodological document «Methodology for assessing threats to information security» (February 5, 2021) and standard ISO/IEC 27005 «Information technology. Security techniques. Information Security Risk Management» were taken. The authors have prepared schemes with the main stages of information security threat assessment (risk assessment). Each described stage is implemented for the considered information system.