Security through Information Risk Management

  title={Security through Information Risk Management},
  author={M. Eric Johnson and Eric Goetz and Shari Lawrence Pfleeger},
  journal={IEEE Security & Privacy},
Managing information risk means building risk analysis into every business decision. Chief information security officers widely agree that action plans must include risk categorization, communication, and measurement.