EN
The paper presents the concept of information security in the Polish public administration. The analysis focuses on the legal aspects of this problem. The author describes the present state of legislation and connections with the main standards of information security, especially ISO 27000 family. The summary of the article contains postulates of changes, like promoting participation, using soft law instruments and best practices in order to maintain information security management systems in public institutions at the appropriate level of quality.