IT risk framework

Are there any useful IT risk frameworks that are applicable in general terms to any IT organisation? I appreciate risk is organisation specific, but high-level risks around systems availability, security, etc. are common to all. I was after a baseline of common risks and wondered if these have been defined in any top-level framework in which to assess our mitigations/controls.

pma111 Asked:

Adam Brown, Sr Solutions Architect, Commented:
The NIST Risk Management Framework: https://csrc.nist.gov/projects/risk-management/risk-management-framework-(RMF)-Overview
It will give you a good strategic guide for managing risk in general.

If you're looking for specific risks, Info Sec generally views risks as a measured likelihood of something negatively impacting the Confidentiality, Integrity, or Availability of data. There is always a risk of natural disaster occurring, but we have to measure that risk against the cost required to mitigate the damage caused by a risk factor occurring.

Common risks are Natural Disaster, Theft, Equipment failure, Human Error, etc.
Travis Martinez, Storage Engineer, Commented:
Is this what you're looking for:

https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/nist800-30.pdf

"Risk Management Guide for Information Technology Systems"

btan, Exec Consultant, Commented:
The risk frameworks from NIST (below) and ISACA Risk IT are good benchmarks on the lifecycle and activities involved. The challenge is getting your stakeholders, who may be au fait with such IT exposure, and you will likely end up doing the work instead of the system owner. You need some guidance and education to develop the risk register and the level of risk and acceptance, with the various authorities identified for approval.
https://en.m.wikipedia.org/wiki/IT_risk

For example, the NIST Cybersecurity Framework encourages organisations to manage IT risk as part of the Identify (ID) function:
Risk Assessment (ID.RA): The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.

ID.RA-1: Asset vulnerabilities are identified and documented

ID.RA-2: Cyber threat intelligence and vulnerability information is received from information sharing forums and source

ID.RA-3: Threats, both internal and external, are identified and documented

ID.RA-4: Potential business impacts and likelihoods are identified

ID.RA-5: Threats, vulnerabilities, likelihoods, and impacts are used to determine risk

ID.RA-6: Risk responses are identified and prioritized

Risk Management Strategy (ID.RM): The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions.

ID.RM-1: Risk management processes are established, managed, and agreed to by organizational stakeholders

ID.RM-2: Organizational risk tolerance is determined and clearly expressed

ID.RM-3: The organization’s determination of risk tolerance is informed by its role in critical infrastructure and sector specific risk analysis

The difficulty with asking for a "list of IT risks" is that the threats your organisation faces will be entirely different from ours, though there can be similar categories which you can further contextualise. So I do advise that you should be looking at the controls you have in place, and the potential risks that your organisation faces will be where controls are not in place.

https://simplicable.com/new/technology-risk
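The likelihood-times-impact view in Adam Brown's answer and the ID.RA / ID.RM subcategories btan quotes can be made concrete in a small risk register. The following is an added example, not code from this thread, from NIST or from ISACA; the five-point ordinal scales, the tolerance value of 9, the `Risk` class and every register row are constructed assumptions used only to show how the subcategories fit together (ID.RA-3/4 document the threat, likelihood and impact; ID.RA-5 scores it; ID.RM-2 states the tolerance; ID.RA-6 prioritises the responses).

```python
from dataclasses import dataclass, field

# Five-point ordinal scales (assumed for this example; NIST SP 800-30 uses
# qualitative levels such as Very Low .. Very High, which map the same way).
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}


@dataclass
class Risk:
    """One risk register row: a threat against an asset (ID.RA-3), the CIA
    property it degrades, its likelihood and impact (ID.RA-4) and the
    controls currently in place."""
    id: str
    threat: str
    asset: str
    cia: str                 # "C", "I" or "A"
    likelihood: str
    impact: str
    controls: list = field(default_factory=list)

    def score(self) -> int:
        """ID.RA-5: combine likelihood and impact into one risk level."""
        return LIKELIHOOD[self.likelihood] * IMPACT[self.impact]


def validate(register):
    """Reject rows that are not fully documented or use values off the scale."""
    for r in register:
        if r.cia not in ("C", "I", "A"):
            raise ValueError(f"{r.id}: cia must be C, I or A")
        if r.likelihood not in LIKELIHOOD or r.impact not in IMPACT:
            raise ValueError(f"{r.id}: likelihood/impact outside the defined scale")
        if not r.threat or not r.asset:
            raise ValueError(f"{r.id}: threat and asset must be documented")
    return True


def prioritise(register):
    """ID.RA-6: order risks for response, highest score first; ties are
    broken by impact so the more damaging event is treated first."""
    ordered = sorted(register, key=lambda r: (r.score(), IMPACT[r.impact]), reverse=True)
    return [r.id for r in ordered]


def treatment_plan(register, tolerance):
    """ID.RM-2: apply an explicitly stated tolerance. Scores above it must be
    treated (mitigate / transfer / avoid); scores at or below it may be
    accepted and recorded as such by the approving authority."""
    return {r.id: ("treat" if r.score() > tolerance else "accept") for r in register}


def untreated_above_tolerance(register, tolerance):
    """Gap report: risks above tolerance with no control recorded at all,
    i.e. where btan's 'controls not in place' observation applies."""
    return [r.id for r in register if r.score() > tolerance and not r.controls]


# Constructed sample register covering the generic categories named in the
# thread (natural disaster, theft, equipment failure, human error).
SAMPLE_REGISTER = [
    Risk("R1", "ransomware on file shares", "file server", "A", "likely", "major",
         controls=["offline backups", "email filtering"]),
    Risk("R2", "flooding of server room", "on-prem datacentre", "A", "rare", "severe"),
    Risk("R3", "admin misconfiguration", "firewall", "I", "possible", "moderate",
         controls=["change review"]),
    Risk("R4", "laptop theft", "staff laptops", "C", "possible", "major"),
    Risk("R5", "disk failure", "database host", "A", "likely", "minor",
         controls=["RAID", "nightly backups"]),
]

if __name__ == "__main__":
    validate(SAMPLE_REGISTER)
    tolerance = 9  # assumed organisational tolerance on the 1..25 scale
    plan = treatment_plan(SAMPLE_REGISTER, tolerance)
    for rid in prioritise(SAMPLE_REGISTER):
        r = next(x for x in SAMPLE_REGISTER if x.id == rid)
        print(f"{rid} score={r.score():2d} {plan[rid]:6s} {r.threat}")
    print("above tolerance with no controls:", untreated_above_tolerance(SAMPLE_REGISTER, tolerance))
```

With the sample data and a tolerance of 9, R1 (16) and R4 (12) must be treated while R3, R5 and R2 can be accepted, and R4 is flagged because nothing is in place for it yet. The tolerance is a single number here only to keep the example short; in practice it is the stakeholder decision btan describes, recorded with who approved it.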
btan, Exec Consultant, Commented:
For author advice.
btan, Exec Consultant, Commented:
No further inputs received.