EN
Activities which increase trust to information systems are the condition for realisation of information security aims. The article describes requirements specification of IS according to the PN-ISO/IEC 17799:2003 norm and engineering principles for information technology security according to NIST. The analysis of the correspondence between norms and principles is discussed in the paper.