The paper features a comprehensive approach to risk management worked out during the ValueSec project (EU 7th Framework Programme). The motivation for research was presented, along with the course of the research, achieved project results and validation results. The methodology of risk management and a supporting tool were developed as a result of the project. They help decision makers to make complex strategic decisions about security measures. These complex decision-related problems were the reason to launch the research. The elaborated methodology is based on three pillars: assessment of the considered security measure ability to reduce risk, costs and benefits analysis with respect to the security measure application, and analysis of legal, social, cultural, and other restrictions that might impair or even destroy the efficiency of the functioning measures. In the project these restrictions are called qualitative criteria. The main added value of the ValueSec project is the elaboration of a special software module to analyse impacts of qualitative criteria on the considered measure. Based on the methodology, a ValueSec Toolset prototype was developed. The prototype was then validated in the following application domains: mass event, railway transport security, airport and air transport security, protection against flood, and protection of smart grids against cyber-attacks.