This site is no longer being updated.

Please, visit us at our new website www.valstybeskontrole.lt/en

Main page
 
Press Release
28/06/2018   Management maturity of critical state information resources is improving, however, remains insufficient

When using the critical state information resources – electronic information of extraordinary importance - important governmental functions, such as management of government funds, tax administration, health care, are being implemented. These resources are managed by the state-owned enterprises and government institutions: Centre of Registers, State Tax Inspectorate and others. The loss and non-access of critical information can have severe consequences for the security, wellbeing, and economy of the society.

The audit performed by the National Audit Office “Management of critical state information resources” reveals that trends in the changes of the maturity of the management of the critical state information resources are positive in Lithuania, however, given the increased level of cyber risks, the faster changes are necessary. In order to increase the security of these resources, the management mechanism of state information resources needs to be upgraded so that it can optimally match the positive practices.

Management maturity of critical state information resources is determined by the effectiveness of management of the state information resources. During the audit, the information technologies (further – IT) management maturity was evaluated in 12 public sector organisations.

“The National Audit Office has performed IT management maturity evaluations since 2006, however, have yet to record the fundamental breakthrough: average IT management maturity level is only 1.7. Maturity level in the management of such resources should be at level 3 out of 5 in total”, - stated the Deputy Director of the Management Audit Department Živilė Uždavinytė-Kerbelė.

Auditors also note that the measures that could guarantee the resistance of the critical information resources to the cyber risks are not sufficiently effective. It is necessary to increase the effectiveness of the management of IT security risks by putting more emphasis on the safety testing when creating and modernising informational systems, educating personnel. In recent years, the target of cyberattacks has more commonly become the critical information resources that are used to supply important services to the society and to store the extra important information. Based on the National Cybersecurity Centre data, the number of cyber incidents in Lithuania is increasing: in 2017 the registered number of incidents increased by one-tenth (54.4 thousand) compared with 2016.

At the moment, the national IT policy functions are redistributed among the Ministries. Consolidation process of information resources is being reviewed, the establishment of the office of the manager of Information resources is being discussed. Prolonged discussion about the IT policy is restricting the EU investment usage in the IT sector. In April 2018 the decision about the transfer of amount of 55 million Eur from the IT sector to other sectors was made. Already back in 2013, after performing the audit, the National Audit Office emphasised the lack of clear policy on the expansion of information community (EIC), therefore, in addition to the recommendations provided in the audit report, the National Audit Office also urges responsible institutions to make decision about the EIC policies as soon as possible.

 

Responsible for the information Communication Division
Last updated on 26 September 2018

National Audit Office of Lithuania

Pamėnkalnio St 27, LT-01113 Vilnius, Phone: +370 608 92 636, Email: nao@vkontrole.lt.