Abstract:

The aim of the paper is to present the cybersecurity risk management process as a foundation for reducing digital crime and strengthening the security of infrastructure and processes implemented by operators of key services. The work presents the concept of risk, cyberspace, and the risk management process as a determinant of cybersecurity.

The results of the analysis made it possible to draw conclusions that the provisions of the National Cybersecurity Act may constitute the framework for the cybersecurity management model in the company and are a premise for making a decision to implement ISO certification. The paper proposes the determinants of cybersecurity management, presents the framework of the cybersecurity management model, and disputes the cost-benefit analysis regarding the reasons of applying all the recommendations of the Act on the National Cybersecurity System (NCS).

The paper builds upon the scientific achievements in the field of cybersecurity risk management, identifying the shortcomings of the new act on cybersecurity and relevant economic tools contributing to the implementation of the assumptions of this act.