ICT security in revenue administration - incidents, security incidents - detection, response, resolve

• Autorzy: Muliński Tomasz

Identyfikatory

DOI

10.34739/si.2022.27.04

• Języki publikacji: EN

Abstrakty

EN

The article shows the author's approach to the methods of acquiring and analyzing reports and security incidents, categorizing their sources in relation to the literature describing ICT security threats, taking into account the legal regulations in force in the Polish public administration. Methods of verification and analysis of detected threats, methods of threat resolution were presented. Tools and procedures used to evaluate reported incidents and assess the threat level of reported incidents were discussed. The incidents and events identified in the period April 2018 - February 2022 were analyzed. Due to the implementation of remote work, there were challenges related to the need to ensure secure remote access to ICT systems of the tax administration. This entailed the need to develop other methods of analysis, response and development of procedures for safe use of workstations by employees providing remote work. The article shows a wide variety of events that members of the security incident response team had to deal with. The obtained results will also be compared with the conducted scientific research on the perception of security threats in public administration and how changes in IT service in the studied organization influenced security management and affect the developed model of combating intentional security threats to information systems.

Słowa kluczowe

EN

ICT security; security incidents; tax administration; Computer Security Incident Response Team

• Wydawca: Wydawnictwo Uniwersytetu Przyrodniczo-Humanistycznego w Siedlcach
• Czasopismo: Studia Informatica : systems and information technology
• Rocznik: 2022
• Tom: Vol. 2(27)
• Strony: 75--93
• Opis fizyczny: Bibliogr. 16 poz., rys., tab., wykr.

Twórcy

autor

Muliński Tomasz

• Chamber of Tax Administration in Lublin ul. Tadeusza Szeligowskiego 24, 20-883, Lublin, Poland

• https://orcid.org/0000-0002-6305-700X

Bibliografia

• 1. Drabczuk M., Cyber-attacks as a tool of pressure on Ukraine and the West, Institute of Central Europe, https://ies.lublin.pl/komentarze/cyberataki-narzedziem-presji-na-ukraine-i-zachod/, access date (2022.04.08).
• 2. Fortinet Inc., High Performance Network Security, Sunnyvale 2013.
• 3. Management of ICT security incidents in the Ministry of Finance and in organizational units of the Ministry of Finance, Ministry of Finance - Department of Security and Information Protection, Warsaw 2015.
• 4. Mitnick K., Simon W. L., The Art of Deception: Controlling the Human Element of Security, Wiley, 2002.
• 5. Muliński T., Security threats to e-administration IT systems, CeDeWu, Warsaw 2015.
• 6. North American Electric Reliability Corporation, Cyber Attack Task Force - Final Report, Atlanta 2012.
• 7. Ordinance of the Minister of Development and Finance of July 3, 2017 on the definition of procedures for the implementation of projects for the Ministry of Finance and subordinate or supervised units for the implementation of projects carried out in individual alarm levels and CRP alarm levels, Official Journal of the Minister of Development and Finance 2017, item 133.
• 8. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), Official Journal of the European Union L 119/1.
• 9. Regulation no. 32 of the Prime Minister of February 15, 2022 on the introduction of the CRP alert level, Prime Minister, Warsaw 2022.
• 10. Regulation no. 40 of the Prime Minister of February 21, 2022 on changing the alert level of CRP, Prime Minister, Warsaw 2022.
• 11. Regulation no. 52 of the Prime Minister of 04/03/2022 on the introduction of the CRP alert level, Prime Minister, Warsaw 2022.
• 12. Regulation no. 62 of the Prime Minister of March 15, 2022 on the introduction of the CRP alert level, Prime Minister, Warsaw 2022.
• 13. Regulation no. 71 of the Prime Minister of March 31, 2022 on the introduction of the CRP alert level, Prime Minister, Warsaw 2022.
• 14. Regulation of the Prime Minister of July 25, 2016 on the scope of projects carried out in individual alert levels and alert levels of CRP, Journal of Laws 2016, item 1101.
• 15. Szydłowski O., Zaniewicz M., Cyberattack on Ukraine, commentary no 10 (2022), The Polish Institute of International Affairs, Warsaw 2022.
• 16. Świtalski P., Kopówka M., Machine Learning Methods in E-mail Spam Classification, Studia Informatica. System and information technology, vol. 23, no 1-2 (2019), UPH, Siedlce 2019.

Uwagi

Opracowanie rekordu ze środków MEiN, umowa nr SONP/SP/546092/2022 w ramach programu "Społeczna odpowiedzialność nauki" - moduł: Popularyzacja nauki i promocja sportu (2022-2023).