I have an entire folder full of risk frameworks that I draw from for inspiration when I’m performing a risk assessment or internal audit project. Here’s a few links that I hope you find helpful.

If you have something useful not listed below please share in the comments!

NIST Cybersecurity Framework Here
NIST Cloud Computing Framework Here
NIST Computer Security Framework Here
OWASP (infinite information on Web App Security) Here
ISACA IT Governance Framework Here
ISO 27000 Series (IT Security) Here
AICPA SOC 2 Framework Here
SANS Critical Security Controls Here
FFIEC on Cybersecurity Here
HIPAA Frameworks Here and Here