As businesses become increasingly dependent on information systems for strategic operations, the issues of information security emerge. Many MIS researchers (e.g., Rainer et al. 1991; Straub & Welke 1998; Von Solms et al. 1994; and Ølnes 1994) have proposed theories and practices against information risks. While useful solutions were provided, seldom have considered associations of business information security strategy with the industrial sector and the computerization level. The purpose of this paper is to construct the feasible information security strategy that identify the protections required to avoid the information risks. Through comparing the perceived seriousness of the potential information risks with the degree of preparation against them, and with the perceived trend of information risk in the future, main information risks are inferred for businesses in different sectors and computerization levels. Organizations must become aware of these critical areas and ensure that the appropriate security measures are implemented to reduce the possibility of loss.