This post covers some general-purpose risk management frameworks.
For risk management frameworks specific to IT, see this post.
List of Risk Management Frameworks
Risk management frameworks featured on this post:
- ISO 31000
- NIST 800-37
- COSO’s ERM
ISO 31000
ISO 31000, "Risk management: Guidelines", is the ISO standard that sets out principles, a framework and a process for managing risk of any kind in any organization, regardless of sector or size. It was first published in 2009 and revised in 2018. It is deliberately generic: it does not prescribe controls or a risk assessment method, which is why sector-specific standards (ISO 27005 for information security, for example) build on it.
NIST 800-37
NIST Special Publication 800-37, "Risk Management Framework for Information Systems and Organizations", is the Risk Management Framework (RMF) issued by the United States National Institute of Standards and Technology (NIST). It defines a life-cycle process of seven steps (Prepare, Categorize, Select, Implement, Assess, Authorize and Monitor) for managing security and privacy risk to information systems, and it ties into the NIST control catalogue in SP 800-53.
As of May 2024, its latest version is SP 800-37 Revision 2, published in December 2018.
COSO’s Enterprise Risk Management (ERM)
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is an organization whose stated mission is to "help organizations improve performance by developing thought leadership that enhances internal control, risk management, governance and fraud deterrence".
COSO developed the Enterprise Risk Management (ERM) Integrated Framework, originally released in 2004. It was updated in 2017 under the title "Enterprise Risk Management: Integrating with Strategy and Performance", and as of 2023 that is still the current edition.
COSO ERM addresses enterprise-wide risk management (strategy, governance, performance) rather than IT risk management specifically. In that respect it sits alongside ISO 31000, which covers general risk management, as opposed to ISO 27005, which is focused on information security risk.
You can find more information about COSO’s ERM on this external link.
External References
- M. Chapple, J. M. Stewart, D. Gibson; "CISSP Official Study Guide, Ninth Edition", pp. 79-81; Wiley, 2021