The general applicability of information warfare as an extension of information assurance seems prudent. CIO’s and CISO’s should be aware of correlating risks and act appropriately. The modern enterprise is dependent on an ever-growing need for information and automated information management systems. While information assurance offers a holistic approach to defending a business organization, the risks of all three classes of information warfare are not even brought into question in corporate-level information assurance policy management frameworks. The following model is an attempt to describe where information operations risk management could be implemented. Short-term damage can largely be applied to class 2 information warfare (corporate implications), while long-term damage can be applied to class 3 information warfare (regional or global implications).