Security through Information Risk Management

@article{Johnson2009SecurityTI,
  title={Security through Information Risk Management},
  author={M. Eric Johnson and Eric Goetz and Shari Lawrence Pfleeger},
  journal={IEEE Security & Privacy},
  year={2009},
  volume={7}
}
Managing information risk means building risk analysis into every business decision. Chief information security officers widely agree that action plans must include risk categorization, communication, and measurement.