Office for IT and eGovernment and NALED test the IT security of personal data on the local level
Within the round table on information safety and personal data protection on the local level, organized on Tuesday, 18 December 2018 at the Palace of Serbia, it was concluded that local governments need to be provided support in improving their information systems, the capacities of their IT officers and the procedures for managing the citizens' data. Even though a majority of cities and municipalities could handle potential external hacker attacks, the analysis performed by the Office for IT and eGovernment and NALED showed that they are quite vulnerable when it comes to potential internal misuse.
The local governments are recommended to dismiss the outdated equipment, use licensed operative systems and new-generation software, to regularly update them and apply modern security equipment and procedures for protecting information. One of the key recommendations is to improve the practice of using passwords and authentication within the local governments, and limit the access for public officers to data that are not in their jurisdiction.
The recommendations were developed within the project “Personal data protection and information safety on the local level”, realized by NALED and the Government's Office for IT and eGovernment, withi the support of NALED E-Government Alliance members - Asseco SEE, Comtrade, IBM, KPMG, SAGA, SBS and SAP.
„The aim of this project was to check the quality of personal data protection on the local government level, and along with the research it included the implementation of pen-tests analyzing the security of IT systems, websites and applications in eight cities and two municipalities. Kragujevac, Užice, Vranje, Pirot, Šabac, Požarevac, Sombor, Zrenjanin, Vrnjačka Banja and Pećinci are the first local governments where information safety experts in cooperation with line institutions simulated a controlled hacker attack“, said Mihailo Jovanović, the Director of the Government's Office for Information Technologies and E-Government.
These ten local goverments are the pioneers of information safety and their data protection process is actually only just beginning. The pen-test should be regularly performed once a year, which is a recommendation for all cities and municipalities bearing in mind that the accelerated development of information technolgieis brings in new threats, day by day, and requires continuous adaptations.
- Even 71% of surveyed respondents do not have the mechanisms to control the leaking of information, while two thirds have not performed an estimate of the IT systems security. For this reason, today we presented the recommendations to the mayors on how to promptly ensure better protection of IT systems from misuse. The development of e-government stands as a major challenge cities and municipalities in Serbia, and NALED and its E-Government Alliance wish to assist them in improving sustainability and security of their IT systems so that they are able to provide the e-services, and be aware of the responsible use and storing of data entrusted to them – said Dejan Đokić, the President of NALED Executive Board and the Director of Asseco SEE.
The analysis performed within the project also showed that out of 63 local governments in Serbia, nearly a half does not have an adequate regulation about the procedures related to information safety. Even though the average number of IT officers in local administration is one per 65 employees, four out of five cities and municipalities do not organize any training or raising awareness initiatives for them regarding this topic.
Along with testing the IT systems, the project also involved workshops for local government management and 119 public officers in the IT departments, to inform them about their obligations within the Law on Personal Data Protection and the Law on Information Safety, as well as the planned amendments to regulations.
