Description:This report, prepared for and funded by the Information Assurance Advisory Council, analyzes the relationship between corporate governance and information assurance. The study examines the ways in which information assurance can be embedded into corporate risk management processes in the changing corporate governance environment. Corporate governance now calls for effective management of risks but board-level awareness is not yet being translated into effective controls. This study outlines the ways in which information assurance can be embedded into corporate risk management practices and how companies can be incentivized to adopt good practices.