Information Security Management System (ISMS) is defined in (ISO/IEC 27000: 2012-2.34) as a part of the overall management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security. The management system consist of guidelines, policies, procedures, processes and associated resources and activities (thus both material resources, such as computers, human resources–as workers, together with their skills and experience, as well as intangible resources–computer programs or organizational culture) to ensure the organization fulfils its tasks and achieves business objectives (ISO/IEC 27000: 2012-2.42, Chmielewski JM 2006, Humphreys E., 2007, pp. 11-44, Pankova J., et al., 2009, pp. 119-130). Information Security Management (Ilvonen I., 2011, pp. 148-154, Korzeniowski L., 2005 pp. 20-23, Korzeniowski LF, 2008) is a great challenge for contemporary organizations and institutions. Offices of government and local government are not an exception in this regard (Korzeniowski LF, 2012, Kwiatkowski S., 2011, Škvrnda F., 2005, pp. 28-67, Jajodia S., et al. 2010).

Especially, there is a regulation of Polish Council of Ministers regarding to the National Interoperability Framework, the minimum requirements for public registry and information exchange in electronic form and the minimum requirements for ICT systems imposing on managers of public administration units some obligations relating to security management (Rozporządzenie Rady Ministrów z 12 kwietnia 2012 r. w sprawie Krajowych Ram Interoperacyjności, minimalnych wymagań dla rejestrów publicznych