Security is a process that requires the integration of security into business processes to ensure enterprise risk is minimized to an acceptable level. This chapter will introduce the concept of using risk analysis to drive security decisions, and to shape policies and standards for consistent and measurable implementation of security. Ensuring the security team is involved in IT policies and standards development, and the enterprise change management process is key to reducing risk to the enterprise, especially when changes include firewall policy modifications, business partner connectivity, changes to network architecture, and defined policies and standards. Additionally, exceptions to defined standards and policies ...