ISACA is one of the leading international non-profit organizations, and it publishes what is now one of the world's most respected sets of information security and IT risk frameworks and IT certifications:
- COBIT, Business Framework for Governance and Management of IT
- Val IT, IT Framework for Business Technology Management
- Risk IT, Framework for IT Related Business Risk
- CISA, Certified Information System Auditor
- CISM, Certified Information System Manager
- CGEIT, Certified in Governance of IT
- CRISC, Certified in Risk of Information Systems Controls

ISACA used to stand for Information Systems Audit and Control Association, but is now just ISACA.

ISACA Risk IT Framework
ISACA has a Risk IT Practitioner Guide.
The Risk IT Framework fills the gap between generic risk management frameworks and detailed (primarily security-related) IT risk management frameworks. It provides an end-to-end, comprehensive view of all risks related to the use of IT and a similarly thorough treatment of risk management, from the tone and culture at the top, to operational issues. In summary, the framework will enable enterprises to understand and manage all significant IT risk types, building upon the existing risk related components within the current ISACA frameworks, i.e., COBIT and Val IT. http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/The-Risk-IT-Framework.aspx
The ISACA Risk IT Framework is more than just a complement to the DIARMF/NIST Risk Management Framework; it is a complete framework that stands on its own and would be great for a non-government corporate entity to use.