In this chapter, we learned about information security risk management and how to perform the necessary task of risk management, which can be applied to your organization.

We discussed the following:

• Information security risk management concepts and how they are applied to the organization
• How to determine where valuable information is located within your organization
• How to perform a quick initial risk assessment to determine an organization's health
• How risk management affects the organization
• How information categorization is performed
• How information security risk management is performed

In the next chapter, we will discuss how to develop your information security plan, which is the foundational component of establishing your information security program and its continued governance.