Risk Management is the foundation for all security decisions.

ISRM: Information Security Risk Management

ISRM, or Information Security Risk Management, is the process of managing risks associated with the use of information technology. It involves identifying, assessing, and treating risks to the confidentiality, integrity, and availability of an organization’s assets.

Managing risks associated with the IT/CIA Triad

Risk Definitions

Lingo for identifying risk. For the CISSP, you need to be solid on definitions, since organizations’ use of terms can shift a bit.