Risk Management Frameworks

This post features some general-purpose risk management frameworks.

For risk management frameworks specific to IT, please check this post.

List of Risk Management Frameworks

Risk management frameworks featured on this post:

  • ISO 31000
  • COSO’s ERM

ISO 31000

ISO 31000 is a framework for risk management.

COSO’s Enterprise Risk Management (ERM)

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is an organization whose current goal is, as explained by them, to “help organizations improve performance by developing thought leadership that enhances internal control, risk management, governance and fraud deterrence”.

COSO developed the Enterprise Risk Management (ERM)—Integrated Framework. It was originally released in 2004. As of 2023, its latest update was in 2018.

COSO ERM is more closely related to enterprise risk management than to IT-specific risk management. It takes into account ISO 31000, which is focused on general risk management, as opposed to ISO 27005.

You can find more information about COSO’s ERM on this external link.
