Scientific paper ID 1700 : 2018/2

Mariya Hristova, Dimitar Bahchedzhiev

In today's interconnected world, information, together with the processes, systems, networks, and staff involved in its processing, use and protection, is an asset that is valuable to the survival of organizations and must be protected against various threats and dangers. This is why computer security and the protection of computer systems, networks and the information they use are key elements of information security.

Organizations must build and maintain competence and knowledge in the field of information security. According to the authors of the present work, this can be done in the most structured and comprehensive way with the help of the adapted requirements and practices laid down in the internationally approved framework of the ISO/IEC 27000 series of information security standards. The article presents the process of managing information security risk. The "bowl method" is considered as a particularly useful graphical method for risk analysis. The article examines the structure of the standards, and their requirements and recommendations for the creation, development and maintenance of information security management systems. Innovative approaches for implementing the control measures of Annex A of BSS EN ISO/IEC 27001:2017 and the Code of Practice for Risk Management in providing information security are analyzed.

Keywords: information, information security, risk management, standards, information security management system.


