This report, prepared for and funded by the Information Assurance Advisory Council, analyzes the relationship between corporate governance and information assurance and examines the ways in which information assurance can be embedded into corporate risk management processes in the changing corporate governance environment. It outlines the ways in which information assurance can be embedded into corporate risk management practices and how companies can be incentivized to adopt good practices.