Information Security And Risk

There is no doubt that organizations today have to go to extreme measures to protect themselves from a rapidly changing and increasingly threatening range of information security risks. If an information security risk goes unnoticed, it can lead to reputational damage for the organization and severe financial and regulatory consequences. Controlling the security level of highly important information is therefore critically important.

Information security is the protection of information and information systems from unauthorized access, disruption, disclosure, use or destruction. Risk can be defined as the possibility that a threat agent takes advantage of a vulnerability, together with the impact this would have on the business. Trying to read, modify or delete important data would be recognised as a security risk for a business. In order to protect information assets, information security management processes have been put in place.

Understandably, not all information requires the same high level of security, so measuring the importance of the information matters. Start by assigning the information a security classification: identify a member of senior management as the owner of the particular information that is to be classified. Normalization and grading of the information will help to protect data according to its importance. Some common labels used by businesses today are public, sensitive, private and confidential. Everyone with access to a specific database needs to understand the required security controls and handling procedures for each classification of information.

Because risk factors change rapidly, information security risk analysis is comparatively hard to carry out. Costs are naturally difficult to measure and hence will go unnoticed. Even though the costs of the hardware and software needed to build the controls may be estimated, it is impossible to account for indirect costs such as the possible loss of productivity when new controls are implemented. Because information security risk changes dramatically and constantly, it is essential that organizations update their security systems frequently with better risk management controls.
