... models intending the ongoing Risk Management for identifying, evaluating, controlling, monitoring, reducing and/or accepting risks. Fig. 1 presents an overview of some RM and IS management standards, ... impacts, risks and security controls for handling risks) the inclusion of ROSI provides a more discerning evaluation for selecting and acquiring IS controls in IT. The discerning evaluation is mainly ... framework over the traditional RM in IS, in order to obtain cost-effectiveness of IS controls, reducing uncertainties and risks in the IT environment, and finally improving the probability of positive...