Critical Information Infrastructure Protection (CIIP) is one of the key priorities of the European Union. High dependence on critical information infrastructures, their cross-border interconnection and interdependencies with other infrastructures, as well as the vulnerabilities and threats they are exposed to, increase the need to address their security and resilience in a systematic way. There are numerous new EU initiatives in this area, such as the adoption of regulations governing the security and integrity of public communications networks, measures aimed at addressing the security of European operators of critical infrastructure, redefining the role of the European Agency for Network and Information Security related to CIIP, harmonization of criminal legislation regarding cyber crime, funding for relevant research and development in the EU, etc. CIIP is a global issue that impacts developed and developing countries alike. Developing countries present a challenge that cannot be ignored without risk to global cyber security. The main objective of this paper is to present the results of an initial assessment of the national preparedness of Bosnia and Herzegovina for the risk management of critical information infrastructure, based on ENISA methodology, and to provide an overview of the law of information security in Bosnia and Herzegovina.