This paper reports a study of the key factors that affect ICT risk management using Thai businesses as the data sources. Three hundred and two respondents from listed organisations on the Stock Exchange of Thailand (SET) were surveyed and the data analysed to establish the strength of relationships in a model derived from extant literature and the application of the two most commonly used governance standards for information and communication technology (ICT), COBIT and ISO/IEC 17799. The research shows that a small number of key factors have the most effect on successful ICT risk management, namely organisational policy, human resource management planning, organisational security and management of ICT. The focus of the research is to propose the successful ICT risk management model to organisations.