This document discusses information security management in the context of globalization. It presents definitions of globalization from different authors. Globalization and information technology influence and accelerate each other's trends. Information security is often overlooked in management decisions as outsourcing of IT focuses on short-term costs and functionality over security. The document also discusses Poland's increasing awareness of information security risks among public managers and changes in relevant laws. It provides examples of information security practices in local Polish government offices. Finally, it introduces the ISO 27001 standard for information security management systems.

1. Information Security Management
in context of globalization
69th Annual Meeting
The Polish Institude of Arts & Sciences of America
dr Sławomir Wawak, 2011

2. Globalizations definitions
Different authors define globalization as:
internationalization
liberalization
universalization
westernization
relations building
2
dr Sławomir Wawak, 2011

3. Globalization and IT influence
Changes conditions for IT (new threats)
Globalization Information
technology
Accelerates globalization trends
3
dr Sławomir Wawak, 2011

4. Information security issues
IS is often overlooked in management decisions
Outsourcing of IT is welcome due to short run cost
decrease
Functionality more important than security (applications)
IS departments detached from the rest of the company
4
dr Sławomir Wawak, 2011

5. Approach to IS in Poland
Increasing awareness of risks related to IS among
managers
Changes in law
protection of personal data
protection of classified information
provision of electronic services
computerization of public service
ICT requirements
minimum requirements for information systems
Additional requirements for public administration
5
dr Sławomir Wawak, 2011

6. Example of local government offices in Poland
Services provided by offices electronically
complaints, petitions, inquiries to the office
access to the electoral register
entrepreneur registration
public information
download of forms and applications
taxes, tax information
permission for felling trees
monitoring the status of the case
census
issuing identity cards
registry office
permission to sell alcoholic beverages
other services
0% 10% 20% 30% 40% 50% 60%
planned current percentage of offices
6
dr Sławomir Wawak, 2011

7. Example of local government offices in Poland
Officials trained in information security
15%
28%
9%
6%
25% 16%
brak < 10% 11 – 20%
21 – 50% 51 – 75% 76 – 100%
7
dr Sławomir Wawak, 2011

8. Example of local government offices in Poland
Information security audits in 2010
4%
39%
57%
no audits audits done by audits carried
employees out by an
(internal) external
organization
8
dr Sławomir Wawak, 2011

9. ISO 27001
ISO 27001:2005 – Information Security Management
Systems – Requirements
confidentiality
availability
integrity
business continuity
System approach to IS
Step towards conscious IS management in companies as
well as public administration
9
dr Sławomir Wawak, 2011