Abstract:

The article focuses on determining the comparative criteria and their significance in the process of cyber risk management in an organization. These criteria, including their weights, will be used to evaluate the set of normative acts (Cyber-security law, ISO standard, standard NIST, Risk IT Framework). The goal of the comparison is to determine the ideal variant on the basis of which the cyber risks in the organization can be managed. The article thus provides a general methodological approach for selecting an ideal variation on the basis of a set of criteria that is applicable to any organization without distinction in the sector in which it operates.