Abstract

With the increasing number of attacks related to information security, enterprises need to review the principles of risk management, to maintain the relevance and increase the reliability of information security management system. The article considers topical issues of risk management of significant objects of critical information infrastructure. International standards on information security ISO/IEC27001-2021, ISO/IEC 27005-2010 and requirements of the Federal Law of July 26, 2017. № 187-FL "On the security of critical information infrastructure of the Russian Federation". In particular, the rules of categorization of critical information infrastructure objects approved by the Government Decree of February 8, 2018. № 127 «On approving the rules of categorizing objects of critical information infrastructure of the Russian Federation, as well as the list of indicators of criteria for the significance objects of critical information infrastructure of the Russian Federation and their values were analyzed» regarding information security risk management are analyzed. A comparative table of the risk management process for an organization that has significant critical information infrastructure facilities and the categorization process for critical information infrastructure facilities is presenting. Developed recommendations for maintaining the relevance of risk management of critical information infrastructure entities.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.