Information security is often categorized as simply computer security. Rather, information security is more correctly categorized as aligning business goals and risk. Information security acts as an umbrella over all organizations within a business to correlate seemingly disparate business risks and provide executive leadership with actionable information. Information security includes computer and network security, but that encompasses a small part of the overall risk to the business. Information security must also integrate into business goals, company policy and procedures, physical security and third party audits.