Thoughts and opinions on information security from a practical Risk Management perspective