I have an entire folder full of risk frameworks that I draw from for inspiration when I’m performing a risk assessment or internal audit project. Here are a few links that I hope you find helpful.
If you have something useful not listed below, please share in the comments!
|Framework|Link|
|---|---|
|NIST Cybersecurity Framework|Here|
|NIST Cloud Computing Framework|Here|
|NIST Computer Security Framework|Here|
|OWASP (infinite information on Web App Security)|Here|
|ISACA IT Governance Framework|Here|
|ISO 27000 Series (IT Security)|Here|
|AICPA SOC 2 Framework|Here|
|SANS Critical Security Controls|Here|
|FFIEC on Cybersecurity|Here|
|HIPAA Frameworks|Here and Here|