I found a document published by the Cybersecurity and Infrastructure Security Agency (CISA) that describes the critical infrastructure risk management approach. This approach integrates strategies, capabilities, and governance structures to enable risk-informed decision-making related to the nation’s critical infrastructure. It can be applied to all threats and hazards, including cyber incidents, natural disasters, man-made safety hazards, and acts of terrorism. The document also mentions that this approach complements and supports the Threat and Hazard Identification and Risk Assessment (THIRA) process conducted by regional, state, and urban area jurisdictions.
I also found a resource document by CISA that introduces various methodologies that can be utilized by communities to perform an infrastructure-focused assessment of risk. This document provides an overview of different methodologies that can be used to assess risk as outlined in Step 3 of the Infrastructure Risk Prioritization Framework (IRPF).
If you are looking for specific tools for risk assessment, you may find it helpful to explore Sprinto’s list of 9 best risk assessment and management tools in 2023. These tools offer features such as automated key risk activities, customization for different frameworks/standards, pre-built customizable templates for risk management, and visual risk analysis dashboards.