Microsoft released a new set of security guidance today called The Security Risk Management Guide. This guide contains a lot of good information around security risk. You can find the guide online here:
The Security Risk Management Guide
Customers can be overwhelmed when attempting to put in place a plan for security risk management. This can be because they do not have the in-house expertise, budget resources, or guidelines to outsource. To assist these customers, Microsoft has developed The Security Risk Management Guide.
This guide helps customers of all types plan, build, and maintain a successful security risk management program. In a four-phase process, depicted below, the guide explains how to conduct each phase of a risk management program and how to build an ongoing process to measure and drive security risks to an acceptable level.
You can also download the document. Here's the link.