Edition: Lublin 2016
Citation method: Ł. Wojciechowski, ‘Information Security Policy as InfoSec instrument in the Polish local government system’, Yearbook of the Institute of East-Central Europe, vol. 14, no. 2, 2016, pp. 75-94.
This article discusses Information Security Policy (ISP) as an instrument of maintaining information security (InfoSec) in Poland at the local government level. In line with the existing legal framework, all local government units must prepare and implement a document titled ‘Information Security Policy’ (ISP). Resulting from a landmark law, i.e. the Act on Personal Data Protection of 29 August 1997, the ISP determines the data sets, the range of their processing as well as basic mechanisms of their protection. Another important source of law in the field of InfoSec in Poland is a 2004 Regulation on Personal Data Processing Documentation (RMIA) that sets out details that apply to individual institutions and define the technical conditions of the equipment and systems used for the processing of personal data. That regulation proved fundamental for the development of contemporary InfoSec in Poland. Appropriate security policy in local government units may protect them from cyberattacks at various levels and hence provide Polish citizens with InfoSec. However, the introduction of appropriate procedures faces many challenges. They may result not only from the lack of qualifications on the part of officials processing the data but also from scarce financial resources necessary for the implementation of relevant procedures.