Analysis And Evaluation of The Information Security Management System in The Enterprise – A Case Study

Michał PAŁĘGA, Cezary KOLMASIAK and Dariusz POLAK

Czestochowa University of Technology, Częstochowa, Poland

Abstract

The aim of the article is to analyze the information security management system of a selected manufacturing company and to identify and assess the risks of information security loss in that company. Achieving this goal required the following research methods: a review of the available literature on information security management, supported by a diagnostic survey, the authors' own observation and experience, and a synthesis of the knowledge gathered. The main part of the article is an analysis of the risk of information security loss, carried out with a commonly used methodology. An information security risk assessment was then performed on the basis of the collected research material. The results indicate that the information security threats that may occur in the examined enterprise lie at an acceptable level of risk. In practice, this means that the company is not obliged to implement new security measures or to modify existing ones. However, it is recommended that the company systematically analyze threats and monitor the security measures already in place, since any neglect of these measures or errors in their operation may escalate threats and raise the risk, even to an unacceptable level.

Keywords: information security, information security management, information security management system, risk, threats