Risks related to information communication and technologies (ICTs) still occur in organizations. In spite of development of ICT risk management methodologies that have been published in numerous frameworks and/or standards to help organizations deal with ICT risks, it has still been questioned about whether or not its methodology has manifested success. This research identifies the current profile of ICT risk management planning and investigates success in implementation in Thai organizations of both the Control Objectives for the Information and related Technology (COBIT) framework and the ISO/IEC 17799 standard for dealing with ICT risk management. The findings from three case studies indicate that successful ICT risk management planning focuses on the collaboration between the management level activities and the operational level activities in order to cope with ICT risks successfully.