Abstract
1- Introduction
2- Research methodology
3- Theoretical basis of information security management
4- Conclusions and recommendations
References
Abstract
The aim of the article is to characterise and assess information security management in units of public administration and to define recommended solutions facilitating an increase in the level of information security. The article is a theoretical-empirical research paper. The aim of the theoretical research is to explain the basic terms related to information security management and to define the conditions for implementing an Information Security Management System (ISMS). The theoretical considerations draw on source literature, legislation and reports. In the years 2016-2019, empirical research was conducted whose aim was to assess the efficiency of information security management in public administration offices. The evaluation of the survey results was accompanied by an analysis of statistical relations between the researched variables, which made it possible to define the effects of European Union regulations on the delivery of information security in public administration. The empirical data show that in the years 2016-2017, certain problem areas in information security management were present in public administration offices, including, among others: lack of ISMS organisation, incomplete or outdated ISMS documentation, lack of regular risk analysis, lack of reviews, audits or controls, limited use of physical and technological protection measures, and lack of training or professional development. In the years 2018-2019, European Union solutions, i.e. the GDPR Regulation and the NIS Directive, contributed to an increase in the level of information security in public administration and significantly limited the occurrence of the identified irregularities. The research results support the assumption that the delivery of information security in public administration requires a systemic approach arising from the need for permanent improvement.
Introduction
Implementation of IT in most areas of activity of the state, the economy and society generates many opportunities for the automation of management processes and for increasing the efficiency and quality of the services delivered. At the same time, the introduction of IT solutions in the public sector implies the necessity to provide security for the services delivered. For this reason, public administration institutions implement an Information Security Management System (ISMS), whose purpose is to protect the information resources of an institution and to ensure the uninterrupted realisation of the institution’s mission. An ISMS covers a set of planning and organisational undertakings and is based on the management of risks arising from information threats which can have a destructive effect on the functioning of a public administration institution. Therefore, information security management in public administration affects the efficiency, reliability and quality of the public tasks performed. Analysis of problems related to global phenomena within the information environment of the state makes it possible to perceive development trends in threats to information for the elements of the state’s critical infrastructure (see e.g. WEF, 2019). Countries where public administration operates on the basis of new technologies have become vulnerable to interference in information processes. Preventing threats and providing security of information constitutes a significant challenge, both for individual countries and for international communities.