Preventing corrupt practices in public institutions in the Western Balkans : application of ICT security standards, policies and procedures

Information security (INFOSEC) seeks to integrate previously distinct disciplines such as: employee security, computer security, communications security and operational security. It is ensured by an appropriate set of controls, which can be principles, practices, procedures, organizational structures, and software functions. The ISO/IEC 27001 standard is subject to different areas of application as well as differentiation of possible processes in the organization that are related to the management of security control such as: security policy, security of the organization, control and classification of the source, security of employees, security of tangible assets and environment, operational management and communications, access control, development and maintenance of various systems, and continuity management. We address the following areas: information security, ISO/IEC 27001 standard and provide some negative examples from countries in the WB6 region where the abuse of IT systems took place due to non-compliance, i.e. the lack of minimum security standards necessary for safe, quality and systematic operation in public institutions. It is necessary to create a national strategy that should list short-term, medium-term and long-term measures that need to be taken and implemented in order to follow the security IT standards and trends in countries where this type of standards and measures are applied and give appropriate results.