Which should information security risk management be?

Information security risk management is to take corresponding methods and measures on the basis of acceptable cost. Information security risk management is a process of managing risks related to the use of information technology. The purpose of information security risk management is to control the risk at an acceptable level, protect information and its related assets, and finally ensure that the organization can complete its mission and achieve its goals.