Customers can be overwhelmed when attempting to put in place a plan for security risk management. This can be because they do not have the in-house expertise, budget resources, or guidelines to outsource. To assist these customers, the Microsoft has developed The Security Risk Management Guide. This guide helps customers of all types plan, build, and maintain a successful security risk management program. In a four phase process, depicted below, the guide explains how to conduct each phase of a risk management program and how to build an ongoing process to measure and drive security risks to an acceptable level. This guide is technology agnostic and references many industry accepted standards for managing security risk. It is an important example of Microsoft's commitment to delivering quality guidance to help customers secure their Information Technology (IT) infrastructures. This guide incorporates real-world experiences from Microsoft IT and also includes input from Microsoft customers and partners.