Hrvoje Očevčić, Krešimir Nenadić, Krešimir Šolić, Tomislav Keser.

Abstract
The survey identified positive effects of work on information security risk management. Regarding the survey results of information system incidents, a significant reduction was recorded in the number of system downtime incidents. The scope of implementation of the risk assessment methodology is the whole ICT system, and therefore the implementation covers all parts of information assets. Positive effects are obtained by reducing the risk by known mitigation methods. Technical details of the implemented control measures were not considered in this paper. In accordance with the standards used in methodology development, significant and increasing levels of user awareness of ICT systems have been considered. The effects of all implemented measures have resulted in a significant increase in the availability of parts of ICT systems.
Keywords
downtime, risk assessment, risk mitigation, security incidents