An Information Security Management System plays a critical role in protecting the organization and its ability to perform its business mission, not just its IT assets. Risk management and risk assessment are important components of an Information Security Management System. Risk management is the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level. Information and communications technology management and IT security are responsible for ensuring that technology risks are managed appropriately. The research starts with the conceptual framework of the Information Security Management System and provides an analysis of IT risk management at the level of financial institutions in Romania.
information security management system, risk management, risk assessment