Monitor Prawniczy

no. 23/2020

The concept of risk in cybersecurity regulation

DOI: 10.32027/MOP.20.23.5
Ewa Marzec
The author is a member of the Department of IT Law, Faculty of Law and Administration, UKSW in Warsaw. ORCID: 0000-0002-2876-9773.
Abstract

The article examines how the notions of "risk" and "risk management" are defined in legal acts and standards. The first part discusses the definitions of risk and risk management in the NIS Directive, the GDPR and the Act on the National Cybersecurity System; it then reviews the definition of risk in standardisation documents, in particular the ISO/IEC 27000 family of standards. The analysis shows a direct link between the enacted regulations and the mechanisms for implementing them on the basis of the relevant standards.