I've been talking a lot about risk management lately and I'm not the only one. And people are starting to get security and risk management all tied up. I know that's what inspired Rich Mogull's recent post about how the world needs both security and risk management.
I take issue with his title, though - he says that security and risk management are "lovers, not twins". I think that's over-inflating the importance of security. The relationship is far more one of parent (risk management) and child (security) - the two disciplines aren't peers... security is a subset of risk management.
While we want to believe that security is important (and it very much is), it's not THAT important that it takes on the same status within a business as operational risk management - security is a part of the discipline of operational risk management, but only one part.