Information Security is a quality Indicator in an organization and its presence requires placing limiting controllers , costly and difficult to do the job . therefor the realization and continuation of information security depends on the decisions and follow ups of the organizations management of the implementation of information security management processes.

The senior managers on one hand have security concerns on the other hand they are concerned about the costs and challenges of restrictive frameworks. Therefore the are looking for a optimal approach to implement information security measures enough , effective and affordable .

All of these actions can be affordable when the organization assess the level of current security risks. In the following of this process the organization should prioritize , plan and execute the quality and quantity of information security measures proportionate to the amount of risks. Therefore, the existence of a centralized security risk management process in the organization can reassure the managers of the organization about the correctness and adequacy of security measures so that the senior managers support the actions and monitor and follow up on their integrity.