Critical incident management systems (CIMS) are information systems used to deal with day to day occurring emergencies as well as to mitigate major catastrophic events which can be man-made (9/11 attacks, Oklahoma bombings, etc) or simply an act of nature (Category 5 hurricanes Andrews, category 4 hurricane Katrina, Earthquake in San Francisco, etc). There are several CIMS in use today. Unfortunately, these current systems do not regard risk as a crucial part of the decision-making scenario. Existing literature has also not addressed this issue adequately. To effectively assess and analyze CIMS risk factors, it is necessary to identify the factors relating to assessing particular kinds of risks to such systems. This paper develops a framework for analyzing the risks that are important for CIMS to take into account. We use the economic theory of shortage to develop the framework. Furthermore, feedback from expert practitioners has been used to refine the framework.