The outstanding value of this book is the smart combination of methods and practical guidelines into one handy book. This reference manual is based on the substantial applied experience of the author. Like Andreas' earlier publications, "e;The project is dead... long live the project! (2004)"e; and "e;Der Software- Testprozess fur IT-Manager (2002)"e;, this one is also a pragmatic guide. Many books have been written about Information Security. Most of them are thick and scientific. Here comes the down-to-earth answer for implementers. For those dealing with risks in Information or IT Management this guide is useful in multiple ways: The reader gets a deep insight into applied Information and IT risk management and it helps to build and maintain a well functioning Information and IT risk management system. The guide consists of four main sections. In the first section "e;RISK MANAGEMENT ESSENTIALS"e; the foundation of risk management is explained. In the next section "e;THE SIMPLIFIED APPROACH"e; an easy implementation process for Information and IT risk management is described and illustrated. In the following section "e;TEMPLATES"e; various examples and templates are provided and ready to use for the implementation. The last section "e;INFORMATION AND IT RISK MANAGEMENT LEXICON"e; explains the terms used in Information and IT risk management. In addition there are arguments to bring forward to gain management support and for practicing continuous Information and IT risk management. There is a pragmatic ramework available including possible pitfalls when implementing Information and IT risk management. Finally, the famous "e;Golden Rules"e; describe best practices methods. "e;Drawing from his experience, Andreas von Grebmer has written a book which allows the practitioner to engage in Risk Management and to develop an approach to treating Risk Management [] making it universally applicable in the increasingly complex jungle of rules, regulations and standards"e;, Reto Zbinden, Frsprecher, CEO infosec.ch. "e;... few valuable collections of information on IT risk management exist, that strike the right balance between the theoretical and methodological foundations. That [book] is to say the practitioner's view of setting up and using appropriate and sufficiently efficient and effective IT risk management elements "e;, Dr. Hannes P. Lubich, Senior Consultant, BT Global Services. On 179 pages well prepared with a lot of colored graphs the reader is introduced to a ready to use risk management approach.