Many business executives mistakenly seek to reduce information security risk to zero. This is both impossible and wrongheaded. A better approach is to position InfoSec risk appropriately within a business risk portfolio, and manage and mitigate accordingly. This session provides a blueprint for crafting a BRP and embedding Infosec within it.