Scientific paper ID 1700 : 2018/2

Mariya Hristova, Dimitar Bahchedzhiev

In today's interconnected world, information, together with the processes, systems, networks and staff involved in processing, using and protecting it, is an asset that is valuable to the survival of organizations and must be protected against various threats and dangers. This is why computer security, the protection of computer systems and networks and of the information they use, is a key element of information security.

Organizations must build and maintain competence and knowledge in the field of information security. According to the authors of the present work, this can be done in the most structured and comprehensive way with the help of the adapted requirements and practices laid down in the internationally approved framework and practices of the ISO/IEC 27000 series of information security standards. The article presents the process of managing risk in ensuring information security. The "bowl method" is considered as a particularly useful graphical method for risk analysis. The structure of the standards, their requirements and their recommendations for the creation, development and maintenance of information security management systems are examined. Innovative approaches to implementing the control measures of Annex A of BSS EN ISO/IEC 27001:2017 and the Code of Practice for Risk Management in providing information security are analyzed.

Keywords: information, information security, risk management, standards, information security management system.





