Identifying information risks that might be impacting on high risk business