ENSURING INFORMATION SECURITY IN PUBLIC ORGANIZATIONS IN THE REPUBLIC OF MOLDOVA THROUGH THE ISO 27001 STANDARD

Abstract

Data protection in public organizations in the Republic of Moldova (RM) is ensured by implementing mandatory cyber security controls (MCSR) adopted by the Government. In order to analyze the completeness of the controls, a comparative study was conducted between MCSR and the cyber security standard ISO 27001. The intention to comply with international cyber security standards is reflected in the Strategy on Information Security in the RM for 2019-2024. Compliance with national cyber security controls to international standards will ensure the security of the organization's data and resources by implementing effective, time-verified security controls. Another benefit is the confidence of foreign partners in public organizations of the country, because there will be guarantees that the data provided is confidential, complete and available. It is very important to increase the number of public organizations, certified with the ISO 27001 standard in Moldova in order to ensure the level of compliance with international cyber security requirements. The gap method, which was used in this study, measures the completeness of the MCSR, which is mandatory for public institutions in the Republic of Moldova, compared to the international standard ISO 27001. Based on the results obtained, a series of recommendations were developed which include: the creation of information security management systems (ISMS); performing internal and external audit of systems to meet trends; alignment of the MCSR, issued by the Government of the Republic of Moldova to the security controls of the ISO 27001 standard. It is very important to ensure an acceptable level of cyber security in public institutions in the Republic of Moldova, therefore implementation and certification with international standards is mandatory.