Integration of information security risks into the operational risk management system of the organization

Free access

Information security risk management is viewed as a continuously improving process that is part of the organization's management, specifically part of the operational reliability management system. An analysis of sources on the research topic shows its relevance. In many Russian companies, the information security management system is currently poorly integrated with the operational risk management system. The need for this integration stems not only from the high magnitude of cyber risks and the significant negative consequences when they materialize, but also from regulatory requirements. The article provides an overview of the information security risk management and operational reliability standards developed by the Bank of Russia and put into effect in 2023. The main features of the standards that affect the organizational component of operational risk management are analyzed and highlighted. Using methods of generalization and analogy, the article identifies business processes that need to be developed or improved in order to build a risk management system that improves operational reliability and ensures business continuity. The importance of automating the monitoring of the risks of information threats being realized is emphasized. One of the key features of cyber risks is the presence of attack scenarios that are unknown to the organization, which makes it much more difficult to detect and address the causes and consequences of attacks.

Nonprofit sector, infrastructure support for socially oriented NPOs, resource centers, state support for socially oriented NPOs, socially oriented non-profit organizations in Russia

Short URL: https://sciup.org/140301543

IDR: 140301543

Research article