Research of methods of information security risk assessment

The purpose of the article is to study modern methods of information security risk assessment. The conducted analysis of CRAMM methods and COBIT 5 for Risk methodology in relation to the process of information security risk management of the institution allowed to determine the advantages and disadvantages of these methods. The use of risk-oriented approaches implemented in the considered methods allows to build a more effective security system for institutions, to protect primarily the most critical for ensuring the functioning of objects, taking into account current security threats and the technologies used. It should also be noted the importance of exchanging information on risks, incidents and threats for joint counteraction to new challenges and threats.