Information security assessment in public administration

Cited by: 28
Authors
Szczepaniuk, Edyta Karolina [1]
Szczepaniuk, Hubert [2]
Rokicki, Tomasz [2]
Klepacki, Bogdan [2]
Affiliations
[1] Polish Air Force Univ, Dywizjonu 303 35 ST, PL-08521 Deblin, Poland
[2] WULS, SGGW, Nowoursynowska 166 ST, PL-02787 Warsaw, Poland
Keywords
Information security; Cybersecurity; Public administration; Information security assessment; Information security management; SYSTEMS;
DOI
10.1016/j.cose.2019.101709
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
The aim of the article is to characterise and assess information security management in units of public administration and to define recommended solutions facilitating an increase in the level of information security. The article is considered a theoretical-empirical research paper. The aim of the theoretical research is to explain the basic terms related to information security management and to define conditions for the implementation of an Information Security Management System (ISMS). Within the scope of theoretical considerations, source literature, legislation and reports are referred to. In the years 2016-2019, empirical research was conducted, the aim of which was to assess the efficiency of information security management in public administration offices. The evaluation of the survey results was accompanied by an analysis of statistical relations between the researched variables, which made it possible to define the effects of European Union regulations on the delivery of information security in public administration. Results of the empirical data show that in the years 2016-2017, certain problem areas in information security management were present in public administration offices, which include, among others: lack of ISMS organisation, incomplete or outdated ISMS documentation, lack of regular risk analysis, lack of reviews, audits or controls, limited use of physical and technological protection measures, and lack of training or professional development. In the years 2018-2019, European Union solutions, i.e. the GDPR Regulation and the NIS Directive, have affected the increase in the level of information security in public administration and have significantly limited the occurrence of the identified irregularities. The results of the research make it possible to assume that the delivery of information security in public administration requires a systemic approach arising from the need for permanent improvement. (C) 2020 The Authors. Published by Elsevier Ltd.
Pages: 11