EN
In the literature there are many different maturity models applied in various areas. One of the most famous is the maturity model developed by the Software Engineering Institute. Initially it was developed for software development organizations, but it has evolved and has been applied in other fields. The modern form of this method - CMMI (Capability Maturity Model Integration), is standard, applicable in many areas and branches. The article presents the concept of maturity models as a tool for assessing the existing level of information systems security risk management and for comparing it with the model solution. Thus it is also possible to identify the elements of risk management process that require improvements in order to reach the next - higher level of maturity.