Risk management as a determinant of cybersecurity

The aim of the article is to demonstrate the dependence of security and cyber security on risk and risk management. The article presents the definitions and risk management process defined in the PN EN ISO 27005:2014 Information technology standard – Security technology – Risk management in information security, consisting of context-setting processes, risk assessment, i.e. identification, analysis and risk assessment, risk treatment, information and consultation as well as monitoring and review. In the further part of the article, the author proceeds from the definition of security, cybersecurity, crisis management to strategic, operational and legal documents, presenting the relationship and dependence of risk and risk management with security and cybersecurity and crisis management, as a national security management system, critical infrastructure protec-tion, including ICT systems of cyberspace. The presented relationships indicate undeniably risk management as a determinant of security and cybersecurity