COMPARATIVE ANALYSIS OF STANDARDS AND METHODOLOGIES FOR MANAGING INFORMATION-SECURITY RISKS OF THE TECHNICAL AND ELECTRONIC SYSTEMS OF CRITICAL INFRASTRUCTURE
Keywords:
security risk assessment methodology, security risk management, ICT-Infrastructure, cloud system
Abstract
Information security is a priority at the national and world level, which results in the need to define certain 
security violations with the ultimate goal of successfully preventing information breaches, and with that quickly 
and successfully remediating the consequences. In a cyber war scenario, the energy and financial sectors are 
considered the most critical to national security. The identification of key weaknesses, risks and potential 
exposure to cyber threats in energy systems, as well as the creators of cyber incidents, can be performed based 
on the perception of possible cyber attack scenarios. At the world level, there are several models for assessing 
and managing security risk (ISO/IEC 27001, NIST 800-53, COBIT, OCTAVE Allegro, etc.) and therefore the main 
goal of this research is to summarize and compare the values of the most frequently used methodologies, which 
will enable the selection of the best model for the successful prevention of information breaches and the quick and 
successful remediation of the consequences. This paper analyzes the application of current standards and 
methodologies for managing information-security risks in the elements of critical infrastructure (CI), assesses the 
level of application of standards and methodologies in the institutions that are part of CI, and determines a way 
to improve the management of current information security risks.