ICT security in revenue administration - incidents, security incidents - detection, response, resolve

The article shows the author's approach to the methods of acquiring and analyzing reports and security incidents, categorizing their sources in relation to the literature describing ICT security threats, taking into account the legal regulations in force in the Polish public administration. Methods of verification and analysis of detected threats, methods of threat resolution were presented. Tools and procedures used to evaluate reported incidents and assess the threat level of reported incidents were discussed. The incidents and events identified in the period April 2018 - February 2022 were analyzed. Due to the implementation of remote work, there were challenges related to the need to ensure secure remote access to ICT systems of the tax administration. This entailed the need to develop other methods of analysis, response and development of procedures for safe use of workstations by employees providing remote work. The article shows a wide variety of events that members of the security incident response team had to deal with. The obtained results will also be compared with the conducted scientific research on the perception of security threats in public administration and how changes in IT service in the studied organization influenced security management and affect the developed model of combating intentional security threats to information systems.