Abstract — The paper considers and discusses two closely related concepts and process, namely Risk Management and Security Management. Practically, there is a tendency to consider Risk Management as a plenty process capable to protect information assets. Based on the literature and international standards, the paper gives an overview of all the aspects and activities related to both processes. Risk Management and Security Management are analyzed in order to point out their particularities and similitudes. The paper aims to clarify both concepts focusing on an operational, organizational and conceptual point of view by explaining which are the differences and why these two process can not been conceived or operated separately.