The paper concerns similarities and differences between the information security management systems (ISMS) and the critical information infrastructure protection systems (CIIP), to predict the extent of adaptation works so that the ISMS could be used in CIIP. The discussion deals with different aspects of both types of systems: standardization, used models, considered security or protection objectives, architecture, management frameworks and tools. The paper tries to answer the question how to use older and more mature information security methodology, its standards, experiences and achievements to build and maintain CIIP systems that still remain a challenge for today.