Challenges in the Risk Identification Process in Information Security Management

Date

2024

Publisher

University of Žilina

Abstract

The article focuses on risk identification as a crucial process within the broader framework of information security management. It highlights the challenges posed by inconsistent legislative requirements and the need for harmonization through international standards, specifically STN ISO/IEC 27005:2023. The authors discuss the importance of a systematic approach to risk management, detailing how the accurate identification of risks influences subsequent phases like analysis, evaluation, and treatment of risks. The article also compares current cybersecurity legislation with international standards, offering insights into best practices for effective risk management in organizations. The conclusions emphasize the need for integrating these standards to ensure consistency and resource efficiency in practice.

Keywords

Information Security Management, Risk Identification, Cybersecurity Standards, Risk Management Process
