Risks in supply chains are first identified and then prioritized based on their probability of occurrence and their impact. Attempts to mitigate risks in the absence of complete and accurate information about their likelihood and impact may constitute a significant waste of resources. Since the resources available for risk management are usually limited, firms need to know how to allocate these funds appropriately. That is, a strategy is required to determine which risks are a priority in terms of acquiring complete and accurate information. We develop a model that incorporates two conflicting terms to address this issue. The first, captured by entropy, measures the resources wasted due to risk factors for which there is inaccurate information about the probability of occurrence and impact. The second is the cost associated with the efforts expended in collecting accurate information about risk factors. To solve the model, we propose a stopping-rule algorithm. Its efficiency is verified using data gathered from a real-world pharmaceutical and generalized green supply chains. Numerous computerized experiments show that the stopping-rule algorithm prevails over the widely used risk-management Pareto rule, and that the algorithm is able to achieve the optimal solution in 94% of investigated cases.