Digital convergence, the growing complexity of subcontracting networks and the rise in new, unknown risks call for a new paradigm in information security management. Joint operation agreements between organizations as well as demands from third party actors, such as government and environmental activists, require novel information security management procedures that manage the associated information systems as a whole -from the political, social and legal point of view in addition to the traditional information security view. To tackle these uprising issues we propose holistic handling for risk management and information security management and assurance.