Edyta Karolina Szczepaniuk,Hubert Szczepaniuk,Tomasz Rokicki,Bogdan Klepacki

DOI: https://doi.org/10.1016/j.cose.2019.101709

2020-03-01

Abstract:The aim of the article is to characterise and assess information security management in units of public administration and to define recommended solutions facilitating an increase in the level of information security. The article is considered a theoretical-empirical research paper. The aim of theoretical research is to explain the basic terms related to information security management and to define conditions for the implementation of Information Security Management System (ISMS). Within the scope of theoretical considerations, source literature, legislation and reports are being referred to. In the years 2016-2019, empirical research has been conducted, which aim was to assess the efficiency of information security management in public administration offices. The evaluation of results of surveys was accompanied by an analysis of statistical relations between the researched variables, which enabled to define effects of European Union regulations on the delivery of information security in public administration. Results of the empirical data show that in the years 2016-2017, in public administration offices, certain problem areas in the aspect of information security management were present, which include, among others: lack of ISMS organisation, incomplete or outdated ISMS documentation, lack of regular risk analysis, lack of reviews, audits or controls, limited use of physical and technological protection measures, lack of training or professional development. In the years 2018-2019, European Union solutions, i.e. the GDPR Regulation and the NIS Directive, have affected the increase in the security level of information in public administration and have a significantly limited occurrence of identified irregularities. Results of the research enable to assume that the delivery of information security in public administration requires a systemic approach arising from the need for permanent improvement.

computer science, information systems

Іvan Bosak,,Marta Danylovych-Kropyvnytska,

DOI: https://doi.org/10.32782/2413-2675/2024-58-9

2024-01-01

Abstract:The article is devoted to the issues of ensuring the functions of public information security management in the context of modern challenges. Informatization processes have covered all spheres of human life, which has led to the emergence of new threats. In today’s world, where electronic technologies are becoming a necessity to ensure the effectiveness of public administration functions, the issue of information security is a key and urgent one. The problems of information security are currently being actualized by a significant increase in the role of accumulation, processing and dissemination of information, in particular, in making strategic, military, political and economic decisions. In this regard, the question of how well the modern public administration system is able to respond to the challenges posed by global digitalization is becoming relevant. The purpose of the paper is to study the peculiarities of ensuring information security in public administration, to analyze current threats and the experience of other countries in overcoming them. In analyzing certain aspects of information security, the paper uses methods of description and classification, as well as methods of studying causal relationships, in particular, the combination of similarities and differences. The article examines the trends in the development of public information security management as a key mechanism for ensuring the security of the State. The author identifies the issue of information security as an element of the State defense policy, which is of particular relevance in the context of full-scale military aggression. The concept of public management of information security can be defined as the process of managing measures aimed at protecting confidential information from unauthorized access, use, disclosure and destruction at the level of the State, organizations or citizens. This process may include the creation of appropriate legislation, the establishment of appropriate control and supervisory bodies, the conduct of information security education and training, and the installation of appropriate security technologies and systems to protect confidential information. The place and role of the system of regulation of information support of management processes at the state level are clarified. Sufficient attention is paid to the peculiarities of ensuring information security in public administration through the analysis of modern information threats. Considering the world experience, the author identifies the key success factors and the problems faced by public administration in overcoming them. We consider it expedient to create national analysis and response centers that will monitor, analyze and respond promptly to cyber threats and improve cybersecurity measures for critical facilities.

Mirosław Karpiuk,Wojciech Pizło,Krzysztof Kaczmarek

DOI: https://doi.org/10.5604/01.3001.0054.2880

2023-12-31

International Journal of Legal Studies ( IJOLS )

Abstract:The objective of this paper is to analyse the threats arising from the rapid development of information and communication technologies (ICTs) without which contemporary information-based societies would not be able to function properly. The authors have advanced the thesis that most perpetrators turn to social engineering methods to carry out cyberattacks, while users of information systems are the weakest links of every cybersecurity management system. The article is also an attempt to define the notions of cybersecurity and cybersecurity management. To this end, the authors have analysed the applicable legal regulations.They have also explored cyberthreats to which small and medium-sized enterprises are exposed, and demonstrated opportunities for further research into the issues being discussed.

Aleksandra Hęćka-Sadowska,Krzysztof Łyskawa

DOI: https://doi.org/10.33995/wu2023.2.3

2022-09-18

Wiadomości Ubezpieczeniowe

Abstract:Cybersecurity has become one of the greatest challenges in today’s post pandemic, digital and interconnected world, and also a subject of strategic importance for the insurance industry. There is no doubt that the advance of technology and the increased use of big data and cloud computing have set up an opportunity for insurance business, but they also expanded insurance companies’ vulnerabilities towards cyber risk. As insurers collect a large amount of confidential data, including protected personal sensitive information, they are a natural target for cyber-attacks. On the one hand, the aim of the article is to indicate how the risks associated with digitalisation affect the day-to-day operations in selected business areas of an insurance company, and which methods may be used to manage them, on the other. After a general review of cyber risk based on recent branch reports and survey results, the authors identified its global economic impact with particular regard to financial institutions, and also insurers’ exposure and perception of cyber risk and cybersecurity spending. Moreover, administrative decisions issued by the President of the Personal Data Protection Office in Poland, selected jurisdictions and loss scenarios for insurance companies were examined with a deeper dive into underwriting, selling, administration and claims handling processes. The results of the literature study show that cyber risk is recognized to be one of the most significant non-financial risks (in terms of the source, not result of the risk) for insurers and that many proactive security measures can be implemented. However, due to the high vulnerability to leaks of confidential personal and financial data or unauthorized system access, which may cause not only financial loss, but also business interruptions and reputational damage, in the authors’ opinion, loss prevention and reduction are insufficient. Thus, both insurance and non-insurance methods of external financing cyber risk results were indicated. On this basis, the cyber insurance is considered by the authors to be the best tool providing both prevention and financial compensation in case of cyber incidents, also in insurance companies.

E. Włodyka

DOI: https://doi.org/10.2478/bjes-2024-0019

2024-11-28

TalTech Journal of European Studies

Abstract:The article is based on the methodological assumptions of political science and administration. In response to the research questions, it can be observed that Poland is a country where the government endeavors to comprehensively implement solutions in the field of e-administration. This includes aspects related to the legal system, e-administration services for citizens, recognition of cyber threats, and a comprehensive counteraction strategy (through training systems and normative solutions), acknowledging the necessity of implementing AI in public administration. The article provides a comparative perspective on the development of e-administration in Poland as a part of Central and Eastern Europe. It analyzes Poland as a country that, while not a leader in the digitization of public administration, is not lagging behind in the implementation of new technologies in the public sector. Simultaneously, the paper may serve as a contribution to further in-depth research in this field.

Political Science,Computer Science

Liubomyr S. Sikora,Nataliia K. Lysa,Yevhen I. Tsikalo,Olga Yu. Fedevych

DOI: https://doi.org/10.13052/jcsm2245-1439.123.7

2023-05-18

Journal of Cyber Security and Mobility

Abstract:The complication of technological processes due to the modernization of complex technological processes aggregates with a distributed spatial infrastructure requires the use of new control systems and computer and information network technologies. Accordingly, this poses the problem of revising the basic concepts of information-measuring systems building, developing software and hardware for the implementation of the target management process. This requires development of new approaches to presentation, processing, and display of data about the aggregates state of energy-active objects and the entire information structure. For management under threat conditions, it is necessary to take into account the features of the information infrastructure, data selection and processing methods, methods and algorithms for classifying the situation, which are formed from blocks of data obtained from each unit and the technological process as a whole. Information about the current state of system and infrastructure is necessary for the formation, adoption and implementation of management decisions which is the basis for coordination strategies synthesis. Appropriate target orientation, reasonable indicators of real process trajectories divergence from the target state determine the probability of object attack. Knowledge and decision-making procedures for the coordination of managerial actions is based on the strategic target orientation of the structure, their professionalism and the level of intellectual, cognitive and scientific training which is the basis for correct situation interpretation of countermeasures against threats formation. In the event of active threats complex on man-made systems in a certain region (resource, cognitive, system, information) and natural disasters or military operations, the threats lead to active destruction or failure of the production process. In order to functionally withstand related production structures, when loyal to the industrial relations concept, they need to integrate at the strategic management level on common goal basis to reduce risks. If necessary, to increase sustainability, they can be integrated at operational management level using interconnections at the production and resource levels. To do this, it is necessary to develop a strategic and goal-oriented management system behaviour line, which requires informational and intelligent data processing at the highest level using cognitive creative methods. For each level of the infrastructure hierarchy, oriented towards strategic goals in the global infrastructure dynamic environment, methods of assessing the situation to detect failures and the actions of attacks have been developed, based on which countermeasures are formed depending on the type of threats.

Konrad Trzonkowski,Olena Khalina,Paulina Kolisnichenko,Nataliia Rozumovych,Oleksandr Zhyhulin

DOI: https://doi.org/10.34069/ai/2023.69.09.28

2023-09-30

Revista Amazonia Investiga

Abstract:The aim of the article was to study the characteristics of the formation of an information system to implement the administrative and legal mechanism to ensure financial and economic security under the influence of cyber threats. The research methodology involved the use of hierarchical and pairwise comparison analysis, as well as the method of expert analysis, with the help of academic documentary sources. As a result of the study, the main cyber threats in the information system of the administrative and legal mechanism for ensuring financial and economic security were identified and ordered according to their level of influence. This order will allow the management apparatus to understand, at least in theory, the hierarchy of importance of existing threats and subsequently use the latter to build information systems. Everything allows to conclude that, by analyzing the obtained results, a methodical approach to the assessment of cyber threats to financial and economic security was formed. However, the study has its limitations, as for the formation of the above-mentioned information systems, a small number of cyber threats were adopted, which are also characteristic for a particular country like Ukraine.

Monika Nowikowska

DOI: https://doi.org/10.1007/978-3-030-78551-2_11

2021-10-28

Abstract:Abstract The dynamic development of technology has led to significant changes in the concept of cyberspace. Currently, it is primarily a virtual space in which we communicate with each other using computers, phones and tablets connected by a network. Cyberspace protection has now become one of the most frequently discussed security-related topics. At a time when information systems allow the collection of huge amounts of information, supervision over data security is one of the key challenges of each country and individual network users. This article describes the principles of personal data protection by national CSIRTs, which are responsible for handling and responding to computer security incidents.

Anna KUCZYŃSKA-CESARZ

DOI: https://doi.org/10.37105/iboa.117

2021-09-15

Inżynieria Bezpieczeństwa Obiektów Antropogenicznych

Abstract:The accounting system perceived as a credible and reliable source of information about the economic and financial situation of entities operating in the Polish economy and subjected to the accounting law, operates under the conditions defined by cyberspace. The digitization of almost all stages of the work of financial and accounting units as a result of the implementation of many regulations of national and international law has become the cause of threats to the security of publicly available data characterizing the status of economic entities. The widespread use of computer programs to support accounting systemsfavors in a great extent to the limitation of the security of accounting information, despite the obligatory regulation of this area by applicable law. Although today it is difficult to imagine servicing companies' finances without modern technical solutions, one should always remember about the "dark sides" of digitization, which is an element of cyberspace and its consequences for the development of entities in the future."

Rafał Solecki,Rafał Kobis,,

DOI: https://doi.org/10.15290/eejtr.2023.07.01.10

2023-01-01

Eastern European Journal of Transnational Relations

Abstract:The primary goal of this article is to examine the challenges faced by public administration and enterprises as they grappled with the consequences of the COVID-19 pandemic. The main objective is the presentation of a new attitude to the project management in a self-government entity. These goals were achieved due to the presentation of the latest experience of the Małopolska Centre for Entrepreneurship during the implementation of the Małopolska Anti-Crisis Shield. The authors deployed in this article different techniques. The main method was a participant observation directed by the authors and a case study. The authors’ attention was focused primarily on the implementation by this public institution of the so-called “Entrepreneurship Package”. The "Entrepreneurship Package" was a component of the Małopolska Anti-Crisis Shield and was targeted specifically at entrepreneurs from the SME sector who suffered as a result of the introduction of the lockdown. For the purposes of this case study, previously unpublished data collected by the employees of the Małopolska Centre for Entrepreneurship were used. The main conclusion of this article is that public intervention was necessary to rescue a lot of small and medium enterprises during the pandemic time, but the public money should hit the target. In this context, it means that the biggest support should be directed at some enterprises who had serious economic problems, but despite that they want to provide for their workers.

English Else

Ernst Pfenninger,Manuel Königsdorfer

DOI: https://doi.org/10.1055/a-2360-1258

Abstract:Clinics are, by definition, part of a country's critical infrastructure. In recent years, hospitals have increasingly become the target of cyber attacks, resulting in disruptions to their functionality lasting weeks to even months. According to the "National Strategy for the Protection of Critical Infrastructures (CRITIS Strategy)", clinics are legally obligated to take preventive measures against such incidents. This involves evaluating, defining, and developing failure concepts for IT-dependent processes within a clinic to be prepared for a cyber attack. Specifically tailored emergency plans for computer system failures should be created and maintained in all IT-dependent areas of a clinic.Additionally, paper-based alternative solutions, such as request forms for diagnostic or consultation services, department-specific emergency documents, and patient documentation charts, should be kept in a readily accessible location known to staff in the respective areas. The complete restoration of a clinic's network after a cyber attack often requires extensive recovery of numerous IT systems, which may take weeks to months in some cases.If the hospital has robust plans for cyber emergency preparedness, including regular scans and real-time backups, stabilization and a quicker resumption of operations may be possible.

Monika Nowikowska

DOI: https://doi.org/10.1007/978-3-030-78551-2_15

2021-10-28

Abstract:Abstract Computer Security Incident Response Teams (CSIRTs) are specialised entities established to handle network and information system security incidents and cooperate with similar entities around the world, both in terms of operational, as well as research and implementation activities. The main tasks of CSIRTs include: recognition, prevention, recording and handling of events that breach network security, active response in the event of direct threats, cooperation with other CSIRT teams, and, finally, participation in national and international projects related to information security and research activities on the scope of methods for detecting security incidents. The article analyses the detailed tasks established on the basis of the Act of 5 July 2018 on the National Cybersecurity System of three CSIRTs operating in Poland: CSIRT MON, CSIRT NASK and CSIRT GOV.

Wojciech Wróblewski,Dominik Wysocki,Łukasz Czyżewski

DOI: https://doi.org/10.12845/sft.56.2.2020.8

2020-01-01

Abstract:Aim: The contemporary nature of terrorist attacks forces the rescue services to develop and enhance their operational potential to support the system which guarantees the safety of the civilians. The tasks of the State Fire Service (PSP) in Poland in the country’s anti-terrorist protection system indicate that these units play a key role in neutralizing the effects of terrorist attacks. The tasks of the formation include conducting rescue operations in the field of saving the lives and health of people and protection of property and environment in the situation of a sudden threat, as well as undertaking activities to identify threats, including contamination with chemical and radioactive substances, and conducting initial biological recognition activities. New tools and forms in terrorist threats require much broader skills and competences of PSP officers. Introducing full preparation of PSP officers to act during terrorist events may directly and indirectly strengthen the national anti-terrorist system. Methodology: A non-probabilistic research method with targeted selection using the PAPI (Paper And Pencil Interview) tool was applied. The study was conducted among the management of PSP. The survey involved thirty seven officers, thirty-two of whom were provincial commanders and/or their deputies, as well as officers performing management tasks. The remaining five respondents were officers holding managerial positions in the PSP Headquarters. Literature and legal regulations were reviewed and analysed. Results: In the study officers representing the commanding staff of the State Fire Service were included. A vast majority of the participants of this study claimed that terrorist threats in Poland are real. Which, in turn, resulted in the need to develop far reaching educational programs that adequately prepare fire-fighters to deal with terrorist threats and activities. Conclusions: State Fire Service officers are prepared to respond to many aspects of rescue operations, however, this continues to be an area of great research potential, where the focal point of discussion should focus on the improvement of all aspects of proper and effective response of the State Fire Service terrorist events. An innovative programme that addresses these concerns is the 3P model based on three domains: prevention, practice and psychotraumatology.

Gertruda Uścińska,

DOI: https://doi.org/10.7172/1644-9584.93.4

2021-10-07

Abstract:Purpose: As a case study illustrating the relationship between crisis management capabilities and the use of ICT techniques and technologies in public administration, the following text presents the evolution of selected ICT-based solutions used in the activities of the Social Insurance Institution (ZUS) as an e-administration and their use in the conditions of the COVID-19 pandemic. The article describes chronologically the most important projects in this area implemented and developed at ZUS from 2016 to the end of 2020. Methods: To achieve the objective a case study method has been chosen, i.e. a method of a qualitative nature, which, among other things, allows for: an in-depth description of an atypical phenomenon, and also on a broader and individualized analysis of the problem, allowing for its better understanding. The application of the case study method for presenting the impact of the pandemic (global crisis) on the use of information technology – in accordance with the assumption of using this method in the so-called narrow approach – made it possible to reconstruct the course of this relationship and its conditions. The case description was based on the analysis of legal acts, ZUS documents: annual reports on ZUS activities, strategic studies periodically prepared in ZUS, specifying the current objectives, directions and instruments of its planned development, information publications available on the ZUS website and thematic information available in the media. Findings: Using the example of the changes in the use of new techniques and information technologies in the Social Insurance Institution, it was shown how the process of automation and digitization was accelerated under the conditions of the pandemic. As a result, ZUS played the role of the main entity implementing government aid projects under crisis conditions. It is also a leader in e-administration development. Originality/value: The presented case study is an original paper, drawing attention to the potential of public institutions and conditions of its use in the global crisis situation. The added value of the study is the quotation of unpublished figures made available by ZUS. They enable an objective assessment of changes, the scale of described activities, as well as their effectiveness, measured e.g. by the number of activities, instruments and beneficiaries

English Else

Mariana Segovia-Ferreira,Jose Rubio-Hernan,Ana Rosa Cavalli,Joaquin Garcia-Alfaro

DOI: https://doi.org/10.1145/3652953

2024-05-17

Abstract:Concerns for the resilience of Cyber-Physical Systems (CPS)s in critical infrastructure are growing. CPS integrate sensing, computation, control, and networking into physical objects and mission-critical services, connecting traditional infrastructure to internet technologies. While this integration increases service efficiency, it has to face the possibility of new threats posed by the new functionalities. This leads to cyber-threats, such as denial-of-service, modification of data, information leakage, spreading of malware, and many others. Cyber-resilience refers to the ability of a CPS to prepare, absorb, recover, and adapt to the adverse effects associated with cyber-threats, e.g., physical degradation of the CPS performance resulting from a cyber-attack. Cyber-resilience aims at ensuring CPS survival by keeping the core functionalities of the CPS in case of extreme events. The literature on cyber-resilience is rapidly increasing, leading to a broad variety of research works addressing this new topic. In this article, we create a systematization of knowledge about existing scientific efforts of making CPSs cyber-resilient. We systematically survey recent literature addressing cyber-resilience with a focus on techniques that may be used on CPSs. We first provide preliminaries and background on CPSs and threats, and subsequently survey state-of-the-art approaches that have been proposed by recent research work applicable to CPSs. In particular, we aim at differentiating research work from traditional risk management approaches based on the general acceptance that it is unfeasible to prevent and mitigate all possible risks threatening a CPS. We also discuss questions and research challenges, with a focus on the practical aspects of cyber-resilience, such as the use of metrics and evaluation methods as well as testing and validation environments.

Cryptography and Security

Dariusz Prokopowicz,Mirosław Matosek

DOI: https://doi.org/10.5604/01.3001.0054.3061

2023-12-31

International Journal of New Economics and Social Sciences

Abstract:In recent years, there have been many different crises such as the dotcom crisis in the late 1990s, the global financial crisis of 2007-2009, the pandemic economic crisis and the global economic recession of 2020, the rise in commodity prices and the increase in inflation from 2021, the out-break of war in Ukraine, the energy and food crisis that occurred in 2022 in many countries. In addition, the climate crisis is also increasingly developing, which is generated primarily by the still high level of civilization's greenhouse gas emissions and the accelerating process of global warm-ing. As the scale and frequency of various crises increase, more and more business entities and public institutions are taking various anti-crisis measures, creating and improving risk manage-ment systems, early warning systems and contingency plans, carrying out corrective and develop-mental restructuring processes, creating innovative solutions to flexibly adapt to the changing environment. As the climate crisis is likely to develop for many years to come, so the importance of achieving the goals of sustainable development and urgently carrying out a green transformation of the economy is growing. In the context of the issues outlined above, the importance of efficient organizational management, information management and crisis management is growing. The improvement of the management processes of economic entities, including crisis management, has been realized in recent years through the implementation of new ICT information technologies and technologies typical of the current fourth technological revolution, Industry 4.0, into information systems.

Olena Kravchenko,Vladyslav Veklych,Mykhailo Krykhivskyi,Tetiana Madryha

DOI: https://doi.org/10.31893/multiscience.2024ss0219

2024-01-21

Multidisciplinary Science Journal

Abstract:Cybersecurity in the face of information warfare and cyberattacks in the modern world is one of the most critical issues of our time. Driven by the rapid development of technologies and digital transformation, threats to information security are becoming even more severe. Nowadays, almost every aspect of our lives, from personal data to critical infrastructure systems, is affected by cyberattacks. Information warfare has become a complex struggle where digital battles are integral to modern conflict. Countries, corporations, and even criminals fight for control over data and influence over critical systems. All this creates a situation where a defense against cyber threats is a top priority. The article aims to provide a detailed analysis and understanding of cyber threats' dynamics in the context of information warfare. It also highlights effective strategies and measures to ensure cybersecurity in such a challenging environment. The research methodology is based on comparing and analyzing information on real cyberattacks, studying the vulnerabilities of information systems, and developing strategies and technologies to counter cyber threats. The study employs both quantitative and qualitative methods, including statistical analysis and case studies. The results of the study revealed the main features of information warfare and their impact on cybersecurity globally and within specific organizations and states. Conflicting parties can use digital means to attack opponents, destroy their critical infrastructure, obtain secret information, or disrupt their operations. Information operations may use phishing and social engineering tactics to access essential resources or information. The organizations and states that find themselves at the epicenter of information warfare must carefully ensure the cybersecurity of their information resources.

Sergey Zubarev,Artur Ivanov

DOI: https://doi.org/10.19181/nko.2021.27.4.7

2021-12-14

Science Culture Society

Abstract:The article is devoted to the study of the influence of digital technologies of public administration on its efficiency. The development of new information and communication technologies, the redistribution of managerial powers in the network space, the transition to a qualitatively different level of interaction between the subjects of public administration lead to large systemic changes in both the environment of the functioning of the state apparatus itself and the process of making and implementing various state management decisions. The issues of readiness of executive authorities to use modern digital technologies are considered, an analysis of the advantages and risks of digitalization of public administration is given. The article empirically proves that the state's efforts to create a digital environment of interaction with citizens highly respond to society's request to reduce the level of bureaucracy and red tape, make the process of performing public functions and providing public services to citizens operational and accessible. Digital technologies of public administration (in the form of various digital services and Internet platforms) not only facilitate the adoption and implementation of public services. management decisions, but also positively perceived and actively used by citizens. The empirical basis of the article is the data of a sociological survey of experts - civil servants conducted within the framework of the scientific project of the Russian Foundation for Basic Research No.20-011-00749 "Mechanism for ensuring the effectiveness of state management decisions in the context of digitalization".

Monika Borzuchowska,Dorota Kilańska,Remigiusz Kozłowski,Petre Iltchev,Tomasz Czapla,Sylwia Marczewska,Michał Marczak

DOI: https://doi.org/10.3390/medicina59050946

2023-05-14

Abstract:Introduction: The outbreak of the COVID-19 pandemic was a period of uncertainty and stress for healthcare managers due to the lack of knowledge (about the transmission of the virus, etc.) and also due to the lack of uniform organisational and treatment procedures. It was a period where the ability to prepare for a crisis, to adapt to the existing conditions, and to draw conclusions from the situation were of critical importance to keep ICUs (intensive care units) operating. The aim of this project is to compare the pandemic response to COVID-19 in Poland during the first and second waves of the pandemic. This comparison will be used to identify the strengths and weaknesses of the response, including challenges presented to health professionals and health systems and ICUs with COVID-19 patients according to the European Union Resilience Model (2014) and the WHO Resilience Model (2020). The WHO Resilience model was suitable to the COVID-19 situation because it was developed based on this experience. Methods: A matrix of 6 elements and 13 standards assigned to them was created using the EC and WHO resilience guidelines. Results: Good governance in resilient systems ensures access to all resources without constraints, free and transparent flow of information, and a sufficient number of well-motivated human resources. Conclusions: Appropriate preparation, adaptation to the existing situation, and effective management of crisis situations are important elements of ensuring the resilience of ICUs.