Security measures taken in isolation and without reference to a concrete and relevant assessment and evaluation of actual risks are doomed to be inefficient. At best they do not address the real issues facing an organization and simply waste resources, at worst they provide management with inappropriate comfort over the level of security management that is in place. This paper reviews the key points of some relevant international standards, discusses the links between effective risk management and optimized security measures, and provides a case study illustrating the benefits to be obtained from a structured and integrated approach.