The presentation will take a closer look at some of the findings from a survey of information security management in Slovakia conducted by ESET in 2011. It will try to find answers on some of the questions that come with effective management of costs for information security or with development of information security management systems: How to spend budget for information security effectively? How to develop an effective system of information security management? Whom to appoint and train to be responsible for information security when lack of specialists and their training becomes and obstacle on the way towards secure, integral and available public administration information systems?