RISK IT Framework + Practitioner Guide

ISACA publishes today the long awaited RISK-IT set od guigelines. The Risk IT Framework describes a detailed process model for the management of IT-related risk. In this model, multiple references are made to risk analysis, scenario analysis, responsibilities, key risk indicators and many other risk-related terms. The Risk IT Practitioner Guide contains practical, detailed guidance on how to accomplish some of the key activities described in the process model.
The Risk IT Framework fills the gap between generic risk management frameworks and detailed (primarily security-related) IT risk management frameworks. It provides an end-to-end, comprehensive view of all risks related to the use of IT and a similarly thorough treatment of risk management, from the tone and culture at the top, to operational issues. In summary, the framework will enable enterprises to understand and manage all significant IT risk types, building upon the existing risk related components within the current ISACA frameworks, i.e., COBIT and Val IT.
The Risk IT Brochure & Framework are available free for everybody to download. The Risk IT Practitioner Guide with the toolkit can be freely downloaded by ISACA members. All these publications may be purchased in book format.
■ The Risk IT Brochure (PDF, 160K) Sep 2009
■ The Risk IT Framework (PDF, 4.6M) Nov 2009
■ The Risk IT Practitioner Guide (PDF, 5.7M) Nov 2009
■ The Risk IT Practitioner Guide Toolkit (Zip, 195K) Nov 2009
The Risk IT Brochure
■ What is Risk IT?
■ What does Risk IT do?
■ What are the benefits of using Risk IT?
The Risk IT Framework
■ Principles
■ Process Details
■ Management Guidelines
■ Maturity Models
The Risk IT Practitioner Guide
■ Risk Universe, Appetite and Tolerance
■ Risk Awareness, Communication and Reporting
■ Expressing and Describing Risk, Risk Scenarios
■ Risk Responses and Prioritisation
■ Using COBIT® and Val ITTM
The Risk IT Practitioner Guide Toolkit
■ High-level IT Risk Assessment Form
■ Risk Communication Flows
■ Template Risk Register Entry
■ Generic IT Risk Scenarios
■ Generic IT Risk Scenarios Mapped to COBIT and Val IT Processes
■ Generic IT Risk Scenarios and Environmental Risk Factors
■ COBIT Controls and Val IT Key Management Practices to Mitigate IT Risk