Analysis of information security in selected municipalities

Abstract

The aim of this work is to analyze information and communication technologies in selected municipalities using security standards, especially ISO / IEC 27000. The work focuses mainly on the state of cyber security and the impact of GDPR regulation on systems in municipalities and relevant processes. A questionnaire survey of these impacts was carried out and possible measures were proposed on the basis of the analysis of the questionnaires and the carried-out risk analysis. It was found that there is no dependence between the financial demands of GDPR implementation and the type of municipality. There is also no dependence between the time required to implement GDPR and the type of municipality. There is no dependence between whether the municipality has a security policy document and whether it carries out a risk analysis. Furthermore, there is a dependence between whether the municipality has an information system and how time-consuming was the implementation of GDPR into the municipality's processes. The level of cyber security varies significantly from municipality to municipality. The GDPR General Regulation has had some impact on cyber security and processes in individual municipalities, but in many cases on a theoretical rather than a practical level. In addition, the complexity of laws and standards does not help to improve the state of cyber security