Resumen
The digitalization of the economy is associated with an increase in threats to the security of individuals, society and the state in the information sphere.Risk assessment is part of a comprehensive approach to cybersecurity and a requirement of most IT standards. The use of an integrated approach in the field of cybersecurity allows us to consider all the elements that are parts of cybersecurity as a complex, interconnected system. The ultimate goal of this approach to cybersecurity is to organize a continuous process of protection against any physical, software, hardware, network and human influences on the target system. The integration of various layers and means of protection provides a more complete understanding of vulnerabilities and more comprehensive protection against various threats.Information security management is a subsidiary process of a broader risk management process: if an organization, after analyzing and evaluating all its business risks, makes a conclusion about the relevance of information security risks, then information security becomes a means of minimizing some of them.In this paper, it is proposed to use penetration testing as a method of risk assessment, a comparative characteristic of various approaches to testing for assessing risk events is given, types of testing and assessment of their risks are described, advantages and disadvantages are shown, recommendations for testing are given, the use of which allows you to get the most objective result.