Security of State Information Systems
State information systems (SIS) process important information of national interest that is protected by laws, international treaties and other regulations, as well as information that is important for the successful operation of institutions. Given the possible threats to these systems, security is one of the key factors to be observed in SIS design and maintenance.
SIS security is a set of measures implemented to:
- make the system work according to its statutory functions;
- provide access to information within a specified period after the inquiry;
- ensure that information is preserved complete and unchanged;
- provide information only to those persons who are authorized to receive and use it;
- protect the SIS software, files and system documentation;
- protect computers, electronic data carriers, computer equipment and other technical devices that support the operation of the SIS;
- identify system security threats and detect system security incidents (intentional or negligent actions, or events, that may lead to the system's information or technical resources being changed, damaged, destroyed or coming into the possession of persons who are not authorized, or whose actions impair or prevent access to information system resources);
- evaluate the possibility that, if a security threat materializes, SIS information or technical resources (computers, data carriers, etc.) will be changed, fail, be destroyed or come into the possession of persons who are not authorized or whose actions could impede or prevent access to information system resources;
- restore system operation after a system security incident.
SIS security threats may be both external and internal (within institutions) and can be divided into the following groups:
- external human hazards (unauthorized access, data damage, etc.);
- internal human hazards (employee or administrator error, unauthorized disclosure of information, etc.);
- failure of hardware, software, lines and service (a damaged server, malfunctions of the data transmission network, etc.);
- natural and other hazards not mentioned above (fire, overvoltage caused by lightning, storm, etc.).
The head of an institution is responsible for SIS security in the institution. The Security Manager ensures that the security requirements are met, and the authority that maintains the SIS is required to carry out a security audit of the SIS each year.
The security manager in place at the state institution, taking into account recommended guidelines, implements and organizes SIS security management according to Cabinet of Ministers Regulation No. 765 of 11.10.2005, "General Security Requirements of State Information Systems", international standards and good practice in the field of IS security management.