Risk Management, Cyber Security and Business Continuity from the Aspect of Standardization in the Protection of Critical Infrastructure
摘要
Modern society increasingly depends on complex and interconnected systems, whose availability, reliability, and security form the foundation of everyday life. The growing complexity and interdependence of these systems lead to greater vulnerability, where even minor disruptions can cause serious consequences for society and the economy. These systems, including energy networks, transport infrastructure, water supply, healthcare and financial systems, information and communication technologies, public administration, and environmental protection, are referred to as critical infrastructure. Their protection against disruptions has become a strategic priority for every state and society as a whole. In this context, the integration of risk management, cybersecurity, and business continuity, based on international and European standards, emerges as the only sustainable framework for preserving social stability and plays a key role in protection strategies. Standards in the fields of risk management, cybersecurity, and business continuity provide a common language, methodological framework, and best practices that can be applied across different sectors. Over the years, information and communication systems have become an integral part of many activities that constitute elements of critical infrastructure across all sectors. Failures and security incidents in these systems directly threaten business continuity, as most critical processes depend on information and communication systems. According to ISO/IEC 27031:2025, readiness of information and communication systems/technologies (ICT) for business continuity means that ICT and its operational capabilities demonstrate the ability to achieve desired business continuity objectives in case of a disruption affecting ICT.