From Er. Ankit, a great listing of risk assessment (RA) resources!

1. ISO 27005 (https://lnkd.in/gMKsx-uj)
The ISO standard on security risk assessments. The appendix includes a list of things you should ask leadership as well as a list of threats, vulnerabilities, and attack vectors.

2. NIST 800-30 (https://lnkd.in/gWTm3mxG)
The federal standard for risk assessment referenced by almost everyone. This is foundational thinking that everyone should have a basic understanding of.

3. CIS RAM – Risk Assessment Method (https://lnkd.in/grxJE3vw)
I love CIS. I find everything they do to be practical and actionable. They also include templates you can pick up and use right away.

4. FAIR Institute (https://lnkd.in/g8AwNaCK)
I have heard great things about FAIR from other security leaders I trust. This one comes highly recommended, especially if you are looking for guidance on how to quantify risk.

5. HIPAA Risk Analysis (https://lnkd.in/gxfN7-rc)
If you are required to be HIPAA compliant, this is mandatory reading. Also great for tools and templates.

6. ISACA Guidance on Risk Assessments (https://lnkd.in/g5kMF2mE)
ISACA offers tons of guidance on risk assessments written by professionals across the industry.

7. PCI DSS Guidance on Risk Assessment (https://lnkd.in/gYnqBERW)
PCI is such a big compliance standard that I had to include their perspective on the list. We expect the recently released version 4.0 to shake things up a lot.

8. Health IT Security Risk Assessment Tool (https://lnkd.in/g5eSnvuH)
Free tools and templates directly from the government.

9. Cloud Security Alliance Octagon Model (https://lnkd.in/gRSxDKHp)
If you are in the cloud, this should be mandatory reading.

10. AWS, GCP, Azure Guidance on Risk Assessments
AWS – https://lnkd.in/gf5RDv2i
GCP – https://lnkd.in/ggcVJz56
Azure – https://lnkd.in/gv73Uz9F

11. Phalanx GRC Risk Register (https://lnkd.in/gfywxZab)
You can sign up and use this risk register for free. Risk scoring, risk tracking, great dashboards, and more.