Modern information systems are often complex, heterogeneous and dynamic. Technological progress and the widespread use of information systems in business create dependencies that increase the diversity, complexity, uncertainty and number of risk factors. Therefore, risk management, which focuses on finding the optimal balance between risk and the cost of security measures, becomes increasingly important. Risk cannot be completely avoided, so it must be properly managed; organizations should therefore implement standards, guidelines and best practices. The article presents selected standards for the rapidly developing area of information security risk management in an organization. The major ISO/IEC standards and selected best practices in this area are presented.