The Institute of Risk Management: Risk Management Standard (17 pages)
There are many ways of achieving the objectives of risk management, and it would be impossible to set
them all out in a single document. The standard was therefore never intended to be prescriptive, which
would have led to a box-ticking approach, nor to establish a certifiable process. By meeting the various
component parts of this standard, albeit in different ways, organisations will be in a position to
report that they are in compliance. The standard represents best practice against which organisations
can measure themselves.
NIST SP 800-30: Risk Management Guide for Information Technology Systems (55 pages)
This guide provides a foundation for the development of an effective risk management program,
containing both the definitions and the practical guidance necessary for assessing and mitigating
risks identified within IT systems. The ultimate goal is to help organizations to better manage
IT-related mission risks.
CERT: Mission Assurance Analysis Protocol (MAAP): Assessing Risk in Complex Environments (59 pages)
The main focus of MAAP is developing advanced risk analysis techniques for highly complex and
distributed work processes. However, we believe that MAAP can also be used to analyze risk in virtually
all work processes, from very simple workflows to those that are distributed among multiple
organizations.
Microsoft: Security Risk Management Guide
This guide helps customers of all types plan, build, and maintain a successful security risk management
program. In a four phase process, depicted below, the guide explains how to conduct each phase of a risk
management program and how to build an ongoing process to measure and drive security risks to an
acceptable level.
Microsoft: Security Assessment Tool
This application is designed to help organizations with fewer than 1,000 employees assess weaknesses in
their current IT security environment. It will help identify processes, resources, and technologies that
are designed to promote good security planning and risk mitigation practices within your organization.
FEMA Risk Management Series (RMS) Publications
The RMS is a new FEMA series that provides design guidance for mitigating multihazard events, with the
publications focused on man-made disasters. The objective of the series is to reduce physical damage to
structural and nonstructural components of buildings and related infrastructure, and to reduce the
resulting casualties, during conventional bomb attacks as well as attacks using chemical, biological and
radiological agents. The underlying premise is that improving security in high-occupancy buildings will
better protect the nation from potential threats, by identifying key actions and design criteria that
strengthen buildings against the forces that might be anticipated in a terrorist assault. The intended
audience includes architects and engineers working for private institutions, building
owners/operators/managers, and state and local government officials working in the building sciences
community.
World Bank Technology Risk Checklist
The World Bank Technology Risk Checklist is designed to give Chief Information Security Officers
(CISOs), Chief Technology Officers (CTOs), Chief Financial Officers (CFOs), Directors, Risk Managers
and Systems Administrators a way of measuring and validating the level of security within a
particular organization.