Is there is a specific risk analysis method that I must follow?

No. A risk analysis can be performed in countless ways. OCR has issued Guidance on Risk
Analysis Requirements of the Security Rule. This guidance assists organizations in identifying
and implementing the most effective and appropriate safeguards to secure e-PHI.