Agencja Unii Europejskiej ds. Cyberbezpieczeństwa, Standardy zarządzania ryzykiem

MARCH 2022

RISK MANAGEMENT STANDARDS

Analysis of standardisation requirements in support of cybersecurity policy

EXECUTIVE SUMMARY

The purpose of this document is to provide a coherent overview of published standards that address aspects of risk management and subsequently describe methodologies and tools that can be used to conform with or implement these standards.

The Regulation (EU) 2019/881 (Cybersecurity Act) states that ‘ENISA shall facilitate the establishment and take-up of European and international standards for risk management and for the security of ICT products, ICT services and ICT processes’. (Article 8.5)

This analysis is intended to contribute to the achievement of this goal. It is based on a compiled, comprehensive inventory of standards in the area of cybersecurity risk management and methodologies related to standards. This publication provides guidance to EU Institutions, bodies and agencies on the availability of standards and methodologies relevant to the management...