The learning unit aims to show how the information security manager must help the management in risk management for the enterprise. The risk assessment techniques and methodologies will be described and tested in case-studies in order to provide also theoretical/practical elements to define and implement an effective balance between the effort of contrasting risks and how critical assets are. the learning unit deals also with how to manage incidents, i.e. in case of risks happening. The learners will learn the incident management process and methodologies and apply them in a case study.