This paper discusses risk management planning. First risk management is explained including a description for the primary components of risk identification, risk assessment and prioritization, and finally risk controls. Controls is broken down into its constituent categories of avoidance, transference, mitigation and acceptance. Next is an overview of risk management from the perspective of a large financial firm. Finally, two key risks, phishing attacks and regulatory requirements, are evaluated by each of the components of risk management and the categories of controls.