A New Approach to Information Security Auditing in Public Administration

Abstract

Due to the rapid pace of globalisation and digitalisation and the better usage of ICT technology, cybercrime is also rising. Hence, the secure operation of controlling and auditing information systems is fundamental in both the private and public sectors. It is generally accepted in the private sector that companies seek an independent third-party’s assistance to carry out information security audits. However, how do information security audits work in public administration? The article aims to characterise and assess information security auditing in public administration and define a new solution for conducting such audits. The article is considered a theoretical research paper. Theoretical research explains the basic terms related to auditing and defines conditions for efficient and effective information security auditing. Additionally, the research aims to answer whether the internal (bureaucratic, within the public administration organisational system) or external (third-party) audits prove more effective.