Information Security Policy as InfoSec Instrument in the Polish Local Government System

• Autorzy: Łukasz Wojciechowski
• Języki publikacji: EN

Abstrakty

EN

This article discusses Information Security Policy (ISP) as an instrument of maintaining information security (InfoSec) in Poland at the local government level. In line with the existing legal framework, all local government units must prepare and implement a document titled 'Information Security Policy' (ISP). Resulting from a landmark law, i.e. the Act on Personal Data Protection of 29 August 1997, the ISP determines the data sets, the range of their processing as well as basic mechanisms of their protection. Another important source of law in the field of InfoSec in Poland is a 2004 Regulation on Personal Data Processing Documentation (RMIA) that sets out details that apply to individual institutions and define the technical conditions of the equipment and systems used for the processing of personal data. That regulation proved fundamental for the development of contemporary InfoSec in Poland. Appropriate security policy in local government units may protect them from cyberattacks at various levels and hence provide Polish citizens with InfoSec. However, the introduction of appropriate procedures faces many challenges. They may result not only from the lack of qualifications on the part of officials processing the data but also from scarce financial resources necessary for the implementation of relevant procedures.(original abstract)

Słowa kluczowe

EN

Security policy; Information security; Information; Security; Personal files; Data processing; Local government

PL

Polityka bezpieczeństwa; Bezpieczeństwo informacji; Informacja; Bezpieczeństwo; Akta osobowe; Przetwarzanie danych; Samorząd terytorialny

• Czasopismo: Rocznik Instytutu Europy Środkowo-Wschodniej
• Rocznik: 2016
• Numer: Vol. 14, z. 2 InfoSec in East-Central Europe: information in security - challenges, implications, responses
• Strony: 75--94

Twórcy

autor

Łukasz Wojciechowski

• University of Economics and Innovation (WSEI), Lublin, Poland

Bibliografia

• Chen, Y., Ramamuthy, K., Wen, K., 'Organizations' Information Security Policy Compliance: Stick or Carrot Approach?', Journal of Management Information Systems, vol. 29, no. 3, 2012, pp. 291-326.
• D'Arcy, J., Tejaswini, H., Shoss, M., 'Understanding Employee Responses to Stressful Information Security Requirements: A Coping Perspective', Journal of Management Information Systems, vol. 31, no. 2, 2014, pp. 291-325.
• Fajgielski, P., Informacja w administracji publicznej. Prawne aspekty gromadzenia, udostępniania i ochrony [Information in public administration. Legal aspects of gathering, sharing and protection], Wrocław: PRESS-COM, 2007.
• Hollenbeck, J., Jamieson, B., 'Human Capital, Social Capital, and Social Network Analysis: Implications for Strategic Human Resource Management', Academy of Management Perspectives, vol. 29, no. 3, 2015, pp. 370-385.
• ISACA, Glossary of Terms, Information Systems Audit and Control Association (ISACA), http://www.isaca.org/Knowledge-Center/Documents/ Glossary/glossary.pdf (2016-01-04).
• Kowalewski, M., Kowalewski, J., Polityka bezpieczeństwa informacji w praktyce [Information security policy in practice], Wrocław: Aspra-Jr, 2014.
• Leshem, N., Pinkreteon, A., 'Re-inhabiting no-man's land: genealogies, political life and critical agendas', Transactions of the Institute of British Geographers, vol. 41, no. 1, 2016, pp. 41-53.
• Lisiak-Felicka, D., Szmit, M., 'Information Security Incidents Management in Marshal Offices and Voivodeship Offices in Poland', Studies & Proceedings, Polish Association for Knowledge Management, no. 72, 2014.
• Millard, F., 'Presidents and Democratization in Poland: The Roles of Lech Walesa and Aleksander Kwasniewski in Building a New Polity', Journal of Communist Studies & Transition Politics, vol. 16, no. 3, 2000, pp. 39-62.
• Pawlak, P., 'Governance of Safety and Security in Cyberspace', in: P. Dąbrowska- -Kłosińska (ed.), Global safety governance: Challenges and Solutions, Centre for Europe, University of Warsaw, Warszawa: Aspra-Jr, 2015.
• Regulska, J., 'Governance or Self-governance in Poland? Benefits and Threats 20 Years Later', International Journal of Politics, Culture & Society, vol. 22, no. 4, 2012, pp. 537-556.
• The Act on Personal Data Protection of 29 August 1997, Journal of Laws, 2014.
• The Constitution of the Republic of Poland of 2 April 1997, Journal of Laws, no. 78, 1997.
• The Regulation on Personal Data Processing Documentation, Technical and Organizational Conditions which should be Fulfilled by Devices and Computer Systems Used for Personal Data Processing of 29 April 2004, Journal of Laws, no. 100, 2004.
• Najwyższa Izba Kontroli [The Supreme Chamber of Control], 'Informacja o wynikach kontroli wykonania budżetu państwa w 2014 r. w części 10 - Generalny Inspektor Ochrony Danych Osobowych' [Information on the results of monitoring the implementation of national budget 2014 in section 10 - General Inspector for Personal Data Protection], Najwyższa Izba Kontroli (NIK), May 2015, p. 4, https://www.nik.gov.pl/plik/id,8931. pdf (2016-01-10).
• Wiśniewska, M., Szczepańska, K., 'Quality management frameworks implementation in Polish local governments', Total Quality Management & Business Excellence, vol. 25, no. 3/4, 2014, pp. 354-365.