Veronika Nagy-Takács
ABSTRACT
Public administrative bodies play a key role in governmental level data asset management. A centralized regulation and toolset of these bodies is a strategic goal, but the experience of the implementation confirms that a meticulous and careful task must be faced. The diversity of the administrative bodies works against a quick change. The study aims to review the information protection obligations of Hungarian public administration bodies, emphasizing the importance of standard-based legal regulation and the centralizing and unifying nature of public administration IT developments. In addition to the historical and legal review, the authors also pay attention to the description of the standard application experience. The goal is to establish a comprehensive and effective regulatory system that may be available through the management system standards, especially the ISO 27000 standard family. It can be concluded that beyond the regulatory intentions in a diverse infrastructure, targeted training and more emphasis on promoting the acceptance of information security is necessary for success.
- International Standardization Organization. 2018. Information technology — Security techniques — Information security management systems — Overview and vocabulary (ISO/IEC 27000:2018)Google Scholar
- Márton Gellén, 2020. Motivation and Professionalisation in Hungarian Civil Service: An Empirical Analysis on Hungarian Regional Civil Service. Polgári Szemle 16, 460-472. DOI: 10.24307/psz.2020.1230Google ScholarCross Ref
- Tovább folytatódott a minisztériumok informatikai háttérrendszerének egységesítése. Bitport, 2020.12.28. Available at: Tovább folytatódott a minisztériumok informatikai háttérrendszerének egységesítése.https://bitport.hu/tovabb-folytatodott-a-miniszteriumok-informatikai-hatterrendszerenek-egysegesitese. Bitport, 2020.12.28. [Accessed: 11.03.2022.]Google Scholar
- Government Decision on the coordination of the development of the IT infrastructure of the central governmental bodies, 1039/1993. (V. 21.)Google Scholar
- Miniszterelnöki Hivatal Informatikai Koordinációs Iroda. 1994. Informatikai biztonsági módszertani kézikönyv. Informatikai Tárcaközi Bizottság ajánlásai – 8. sz. ajánlás. Budapest, Hungary. Available at: http://docplayer.hu/4783087-Informatikai-biztonsagi-modszertani-kezikonyv.html. [Accessed: 11.03.2022.]Google Scholar
- Miniszterelnöki Hivatal Informatikai Koordinációs Iroda. 1996. Informatikai rendszerek biztonsági követelményei. Informatikai Tárcaközi Bizottság ajánlásai – 12. sz. ajánlás, Budapest, Hungary. Available at: https://dsd.sztaki.hu/mockups/itb/ajanlasok/a12/index.html. [Accessed: 11.03.2022.]Google Scholar
- Közigazgatási Informatikai Bizottság. 2008. Magyar Informatika Biztonsági Ajánlások (MIBA) 25. számú ajánlássorozat. Budapest, Hungary. Available at: https://regi.ugyintezes.magyarorszag.hu/dokumentumok/kib25miba.pdf. [Accessed: 11.03.2022.]Google Scholar
- Common Criteria for Information Technology Security Evaluation. CCMB-2017-04-001. Available at: https://www.commoncriteriaportal.org/cc/ [Accessed: 01.07.2022.]Google Scholar
- Nemzeti Kibervédelmi Intézet. 2019. Közigazgatási Kibervédelmi Eszköztár. NKI White Paper. Budapest, Hungary. Available at: https://nki.gov.hu/wp-content/uploads/2019/03/NKI_White_Paper.pdf. [Accessed: 11.03.2022.]Google Scholar
- Act on electronic public services, LX Act of 2009Google Scholar
- Government Decree on the security of electronic public services, 223/2009. (X. 14.)Google Scholar
- Act on the information security of state and municipal bodies, L Act of 2013Google Scholar
- Decree of the Minister of Interior on the requirements relating to the technological security and secure information devices and products, and on the security classification and declaration of security levels determined in the Act L of 2013 on the information security of state and municipal bodies, 41/2015. (VII. 15.)Google Scholar
- Security and Privacy Controls for Federal Information Systems and Organizations. NIST Special Publication 800-53 Rev.4 National Institute of Standards and Technology U.S. Department of Commerce. DOI: 10.6028/NIST.SP.800-53r4Google ScholarCross Ref
- Justification for L Act of 2013 on the information security of state and municipal bodiesGoogle Scholar
- Attila P. Bodó, Tanás Joó, and Tamás Palicz. 2020. Az Ibtv. gyakorlata. Éves továbbképzés az elektronikus információs rendszerek védelméért felelős vezető számára 2020. Nemzeti Közszolgálati Egyetem Közigazgatási Továbbképzési Intézet. Budapest, Hungary.Google Scholar
- Péter Balatoni, and János Varga. 2019. Információbiztonság és adatvédelem a gyakorlatban – egy országos felmérés és jegyzői interjúk tapasztalatai. Új Magyar Közigazgatás 12, 1, 84-87.Google Scholar
- István Szabó. 2015. A 2013. évi L. törvény végrehajtási rendelete alapján folytatott biztonsági tanúsítások tapasztalatai a szolgáltatók széles körének vizsgálata után. Hétpecsét Egyesület LXVIII. Szakmai Fórum, 2015. november 18., Budapest, Hunagry. Available at: https://hetpecset.hu/site/uploads/files/7peloadasszabo-inyomtatasrahonla.pdf. [Accessed: 11.03.2022.]Google Scholar
- Government Decree on the Governmental Data Repository for the security of data related to electronic administration, 466/2017. (XII. 28.)Google Scholar
- Act on the right to informational self-determination and on the freedom of information, CXII Act of 2011Google Scholar
- Decree of the Minister of Interior on the requirements for records management software applicable to public service bodies, 3/2018. (II. 21.)Google Scholar
- Directive (EU) of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union, 2016/1148 EU DirectiveGoogle Scholar
- Government Decree on centralized IT and electronic communications services, 309/2011. (XII. 23.)Google Scholar
- Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on measures for a high common level of cybersecurity across the Union, repealing Directive (EU) 2016/1148 Brussels, 16.12.2020 COM(2020) 823 final 2020/0359 (COD)Google Scholar
- Act on the general rules for electronic administration and trust services, CCXXII Act of 2015Google Scholar
- Decree of the Minister of National Development on organizations using centralized IT and electronic communications services through an individual service agreement and on IT systems operated or developed by the central service provider, 7/2013 (II. 26.)Google Scholar
- Government Decree on government networks, 346/2010. (XII. 28.)Google Scholar
- Government Decree on the provision of data processing of state registers belonging to the national data assets, 38/2011. (III. 22.)Google Scholar
- Government Decree on the operation of the Government Data Center, 467/2017. (XII. 28.)Google Scholar
- Government Decree on the Unified State Application Development Environment and the State Application Catalog, as well as on the amendment of certain related government decrees, 314/2018. (XII. 27.)Google Scholar
- Government Decree on the responsibilities of the centralized IT and electronic communications service provider in relation to information security, 186/2015. (VII. 13.)Google Scholar
- Zoltán Kovács, Zoltán Mikó, and Gábor Sági. 2018. A biztonság mint szolgáltatás megteremtésének lehetőségei az állami, önkormányzati elektronikus információs rendszerek esetében I. Belügyi Szemle 66, 4, 30-42.Google ScholarCross Ref
- Zoltán Kovács, Zoltán Mikó, and Gábor Sági. 2018. A biztonság mint szolgáltatás megteremtésének lehetőségei az állami, önkormányzati elektronikus információs rendszerek esetében II. Belügyi Szemle 66, 5, 40-61.Google ScholarCross Ref
- Masuda Yoneji. 1988. Az információs társadalom mint posztindusztriális társadalom. OMIKK. Budapest, HungaryGoogle Scholar
- Government Decree on the municipal ASP system, 257/2016. (VIII. 31.)Google Scholar
- Tamás Szádeczky. 2013. Az IT biztonság szabályozásának konfliktusa. Inforkommunikáció és Jog 10, 56, 149-153.Google Scholar
Index Terms
- Information Security Management System Standards in Hungarian Public Administration
Recommendations
Information Systems Security Audits in Cameroon's Public Administration
ICEGOV '18: Proceedings of the 11th International Conference on Theory and Practice of Electronic GovernanceA few decades ago, most of the Sub-Saharan African countries such as the Republic of Cameroon joined the rest of the world in adopting ICTs to improve the delivery of government services. The Government of Cameroon regards e-Government with numerous ...
Public Works and Infrastructure: Improvement Initiative for Federal Government in Mexico
dg.o '16: Proceedings of the 17th International Digital Government Research Conference on Digital Government ResearchThe Ministry of Communications and Transportation of the Federal Government in Mexico adopted the principles of the Strategy of Opening Government data. So in this poster we describe "Follow Public Works and Infrastructure", an initiative for Public ...
Analysis of knowledge management experiences in spanish public administration
TEEM '15: Proceedings of the 3rd International Conference on Technological Ecosystems for Enhancing MulticulturalityUnder the development of the Digital Society and with the aim of achieving a true transition from the Information Society to the Knowledge Society, ICTs play a capital role in educational and knowledge management processes in any kind of entity, from ...
Comments