IT Risk Management

t is an accepted truth that without risk there can be no gain. Every individual and organization must take some risks to succeed. Risk management is not about avoiding risks, but about taking risks in a controlled environment. To do this, one must understand the risks, their triggers, and their consequences.
Write a 34 page paper in which you:

Define clearly risk management and information security, and discuss how information security differs from information risk management.
Explain security policies and how they factor into risk management.
Describe at least two responsibilities for both IT and non-IT leaders in information risk management.
Describe how a risk management plan can be tailored to produce information system-specific plans.
Use at least two quality resources in this assignment. Note: Wikipedia and similar websites do not qualify as quality resources. The Strayer University Library is a good source for resources.