The article is devoted to the development of methods for identifying, assessing and neutralizing risks in order to ensure the reliability and security of information systems. Regulatory requirements for risk analysis in information systems have been developed. A methodology for analyzing information security risks in the banking sector has been developed and analyzed. Effective risk reduction strategies were used. The studied methods allow the user to obtain a quantitative risk assessment of the system, which makes it possible to eliminate the need to use expensive resources to identify risks. Research was conducted on building an Information Security Risk Management System and on the measures and procedures for identifying, measuring, monitoring, controlling and minimizing information security risks. The purpose of the Information Security Risk Management System is to prevent and reduce the threat of negative consequences associated with the operation of information systems, as well as with external factors affecting information systems. It is aimed at minimizing the risks in the bank’s activities related to violations of the integrity, confidentiality and availability of information systems.