In the face of growing demand to target security investments based on risk management principles–a domain foreign to many CIOs and infosec practitioners–there’s wisdom to be garnered from our peers. Zero in on the information security risks facing your company, or you’ll likely find yourself overwhelmed. That’s the overall message of our 2008 InformationWeek Strategic Security Study, which polled nearly 1,100 IT and business professionals about plans and priorities for securing their companies’ assets. Getting the money for security isn’t the biggest problem: Fully 95% will see their budgets either hold steady or increase this year. It’s that the money isn’t making data safer.