Information security governance is the key to the successful implementation of information security and risk management in any business enterprise. Risk management is essential to the implementation of information security in any organization. This module explains the importance of governance and risk management, and the various challenges information security management faces when establishing information security practices in the enterprise. It also discusses how to develop and implement an information security and risk management framework, develop policy, establish compliance of the enterprise, conduct various risk assessments and manage risks, and include privacy in the design of your business applications.