Ensuring Basic Cybersecurity Presumptions in BiH Institutions

The Audit Office of BiH Institutions conducted an audit of the performance of “Activities of BiH Institutions on ensuring the basic assumptions for cybersecurity”, which indicates that BiH institutions were not efficient in undertaking activities aimed at ensuring basic cybersecurity presumptions.

There is a lack of a strategic and legal framework for cyber security, and the Computer Security Incident Response Team for BiH institutions has not been established either.

The purpose of the performance audit was to determine whether the institutions of BiH are efficient in undertaking activities to ensure the basic assumptions for cyber security.

Only 14 out of 68 institutions of Bosnia and Herzegovina adopted information security management acts by the Information Security Management Policy. The consequences of the lack of basic assumptions for cybersecurity endanger the operations of public administration and can lead to the alienation of data and financial resources necessary for the functioning of the country and the daily life of citizens.

The recommendations were addressed to the Council of Ministers of BiH, the Ministry of Communications and Transport of BiH, the Ministry of Security of BiH and the institutions of BiH. The implementation of the recommendations should contribute to the provision of basic assumptions for cybersecurity and the improvement of cyber protection in the institutions of Bosnia and Herzegovina, announced the Audit Office of Institutions of Bosnia and Herzegovina.