Abstract

With the increasing number of information security attacks, enterprises need to review their risk management principles in order to keep their information security management systems relevant and to increase their reliability. The article considers topical issues of risk management for significant objects of critical information infrastructure. It analyzes, with respect to information security risk management, the international information security standards ISO/IEC 27001-2021 and ISO/IEC 27005-2010 and the requirements of Federal Law № 187-FL of July 26, 2017 "On the security of critical information infrastructure of the Russian Federation", in particular the rules for categorizing critical information infrastructure objects approved by Government Decree № 127 of February 8, 2018 «On approving the rules of categorizing objects of critical information infrastructure of the Russian Federation, as well as the list of indicators of criteria for the significance of objects of critical information infrastructure of the Russian Federation and their values». A comparative table of the risk management process for an organization that has significant critical information infrastructure facilities and the categorization process for critical information infrastructure facilities is presented. Recommendations for maintaining the relevance of risk management for critical information infrastructure entities are developed.
