... well-known recommendations for IS are the BS 7799 series (British Standards Institute [BSi], 1999), (BSi, 2002) and (FISMA, 2004). The BS 7799 series were developed by the British Government ... (ISO 73, 2009). (ISO 27001, 2006) and (ISO 27002, 2005) are based on BS 7799-2 and ISO 17799-1. The recommendation ISO 27001 introduces a model to establish, A Comprehensive Risk Management ... the associated financial aspect, as any other costs (time, processing, electric power, throughput, etc.) (Pontes et al., 2009a, 2009b, 2009c, 2010). However, for the decision makers it does not...