Information security risks pose a considerable threat to businesses due to the possibility of financial loss or damage, loss of essential network services, or loss of reputation and customer confidence. Risk management is one of the key elements in preventing online fraud, identity theft, damage to Web sites, loss of personal data and many other information security incidents. Without a solid risk management framework, organizations expose themselves to many types of cyber threats.