174
results found in
14 ms
Page 1
of 18
Management of IT security in systems outsourced to external suppliers
Security to be improved in IT processes outsourced to external suppliers When IT processes are outsourced to external suppliers, the authorities no longer have direct control of the IT security, but remain responsible for managing the security of the IT. Authorities that fail to manage IT security actively based on risk assessments, and omit to monitor the implementation of these requirements, will not be able to determine if the level of IT security in the outsourced systems safeguards their systems and data. This is how the conclusion of the Rigsrevisionen starts. The Danish auditors noticed improvement in the audited entities, but they add that tha majority of the auditees: can refine their requirements for and follow-up on access control and logging practices
Full description
Security to be improved in IT processes outsourced to external suppliers When IT processes are outsourced to external suppliers, the authorities no longer have direct control of the IT security, but remain responsible for managing the security of the IT. Authorities that fail to manage IT security actively based on risk assessments, and omit to monitor the implementation of these requirements, will not be able to determine if the level of IT security in the outsourced systems safeguards their systems and data. This is how the conclusion of the Rigsrevisionen starts. The Danish auditors noticed improvement in the audited entities, but they add that tha majority of the auditees: can refine their requirements for and follow-up on access control and logging practices
Full description
National Audit Office of Denmark
, issued in 2016
Risk cases: 3
IT Support in the Judicial Chain
The Swedish National Audit Office has examined how well agencies in the judicial chain have handled known flaws in their IT support and whether the Government’s control mechanisms have provided ... the agencies with sufficient prerequisites to expand and improve IT support. ... ... Needed: good conditions by government, better steering and control by authorities ... Despite many years’ of work to modernize the IT support within the judiciary, there are still many deficiencies. The Government has not given the authorities good conditions enough to lead the work ... . The authorities, in their turn, need to improve their steering and control, as well as interact to a much higher degree.
Full description
The Swedish National Audit Office has examined how well agencies in the judicial chain have handled known flaws in their IT support and whether the Government’s control mechanisms have provided ... the agencies with sufficient prerequisites to expand and improve IT support. ... ... Needed: good conditions by government, better steering and control by authorities ... Despite many years’ of work to modernize the IT support within the judiciary, there are still many deficiencies. The Government has not given the authorities good conditions enough to lead the work ... . The authorities, in their turn, need to improve their steering and control, as well as interact to a much higher degree.
Full description
Swedish National Audit Office
, issued in 2011
Risk cases: 3
Security of servers managed by the Danish Agency for Governmental IT Services
Servers are essential part of IT infrastructure. At the same time, they are vulnerable to cyberattacks, because they can be exploited by hackers to gain unauthorized access to the system and steal sensitive information, corrupt data, or cause systems to malfunction. Once the security of a server is compromised, attackers can gain access to other computers and servers across the network. Danish auditors paid attention to risky stages of servers lifecycle. The Danish Agency for Governmental IT Services managed 5,353 servers on behalf of 46 authorities in time of the audit. 537 of these servers were no longer supported by their developers because they have reached the end of their lifecycle.
Full description
Servers are essential part of IT infrastructure. At the same time, they are vulnerable to cyberattacks, because they can be exploited by hackers to gain unauthorized access to the system and steal sensitive information, corrupt data, or cause systems to malfunction. Once the security of a server is compromised, attackers can gain access to other computers and servers across the network. Danish auditors paid attention to risky stages of servers lifecycle. The Danish Agency for Governmental IT Services managed 5,353 servers on behalf of 46 authorities in time of the audit. 537 of these servers were no longer supported by their developers because they have reached the end of their lifecycle.
Full description
National Audit Office of Denmark
, issued in 2023
Risk cases: $risks.size()
IT security in the Federal Administration
The SFAO has audited the Admin PKI – the basic infrastructure and offering for the issuing of digital certificates – within the Federal Office of Information Technology, Systems and Telecommunication ... (FOITT). The examination concentrated on assessing the development and current operation as well as future prospects. Admin PKI refers to all processes and the hardware and software needed for issuing ... certificates of different grades. ... Technical and organizational deficiencies work together against data security ... Only minor deficiencies were revealed in the Windows environment but only in case of Microsoft products.Providers' lack of both assertiveness and synergy adds to 'the great unknown' of authonomous ... entities' networks.
Full description
The SFAO has audited the Admin PKI – the basic infrastructure and offering for the issuing of digital certificates – within the Federal Office of Information Technology, Systems and Telecommunication ... (FOITT). The examination concentrated on assessing the development and current operation as well as future prospects. Admin PKI refers to all processes and the hardware and software needed for issuing ... certificates of different grades. ... Technical and organizational deficiencies work together against data security ... Only minor deficiencies were revealed in the Windows environment but only in case of Microsoft products.Providers' lack of both assertiveness and synergy adds to 'the great unknown' of authonomous ... entities' networks.
Full description
Swiss Federal Audit Office
, issued in 2011
Risk cases: 4
The implementation of national IT projects in social and health care
IT management expenditure in public administration totalled about 2.1 billion euros in 2009. IT management expenditure by local authorities and federations of municipalities in the field of health ... care totalled about 270 million euros ino 2009. Health care's share of IT management expenditure in public administration thus amounted to about 13 per cent in 2009. ... ... IT-centred manner of project implementation can harm IT investments' results ... SAI Finland perfomed a vast review of IT projects in health and social protection. Many interesting findings cover structural problems, as 'Many separate systems with no future' and characteristics ... of poor governance, as 'No cost monitoring - unclear objectives - arguable usefulness'.
Full description
IT management expenditure in public administration totalled about 2.1 billion euros in 2009. IT management expenditure by local authorities and federations of municipalities in the field of health ... care totalled about 270 million euros ino 2009. Health care's share of IT management expenditure in public administration thus amounted to about 13 per cent in 2009. ... ... IT-centred manner of project implementation can harm IT investments' results ... SAI Finland perfomed a vast review of IT projects in health and social protection. Many interesting findings cover structural problems, as 'Many separate systems with no future' and characteristics ... of poor governance, as 'No cost monitoring - unclear objectives - arguable usefulness'.
Full description
National Audit Office of Finland
, issued in 2011
Risk cases: 3
IT strategy of Swiss Federal Institute of Technology
The SFAO conducted an IT audit in 2009, in order to evaluate goal achievement and cost effectiveness of information and communication technology by Swiss Federal Institute of Technology (ETH Zurich ... ). [p. 11] ... Performance audit of IT strategy in research area ... Interesting problems of IT strategy implementation - including that of organizational authonomy skope.
Full description
The SFAO conducted an IT audit in 2009, in order to evaluate goal achievement and cost effectiveness of information and communication technology by Swiss Federal Institute of Technology (ETH Zurich ... ). [p. 11] ... Performance audit of IT strategy in research area ... Interesting problems of IT strategy implementation - including that of organizational authonomy skope.
Full description
Swiss Federal Audit Office
, issued in 2010
Risk cases: 1
The protection of IT systems and health data in three Danish regions
Security to be improved in IT systems with health data It is Rigsrevisionen’s assessment that the three regions are not protecting the access to IT systems and health data in a satisfactory manner. As a consequence, unauthorised persons might gain access to sensitive and confidential personal data, which could affect there liability and availability of important health data used in the treatment of hospital patients. Based on the results of the study and the current threat scenario, Rigsrevisionen finds that basic security measures against cyber attacks and protection of access to IT systems and health data should be a top priority for Denmark’s five regions. Basic security measures in combination with management and control of user privileges can reduce the risk of compromising the regions’ IT systems and data considerably.
Full description
Security to be improved in IT systems with health data It is Rigsrevisionen’s assessment that the three regions are not protecting the access to IT systems and health data in a satisfactory manner. As a consequence, unauthorised persons might gain access to sensitive and confidential personal data, which could affect there liability and availability of important health data used in the treatment of hospital patients. Based on the results of the study and the current threat scenario, Rigsrevisionen finds that basic security measures against cyber attacks and protection of access to IT systems and health data should be a top priority for Denmark’s five regions. Basic security measures in combination with management and control of user privileges can reduce the risk of compromising the regions’ IT systems and data considerably.
Full description
National Audit Office of Denmark
, issued in 2018
Risk cases: 3
State aid for IT projects in social and health care
information system services (KanTa project) or the National Project for Social Services IT (Tikesos project). Financing has been provided by the Ministry of Social Affairs and H ealth, the Finnish Funding ... to enterprises by Tekes or financing granted by the Finnish Innovation Fund (Sitra) for IT projects in social and health care. ... In 2000-2009 about 180 million euros in national and European Union funds went to finance information technology projects in social and health care, not including the costs of developing national ... Difficult coordination of IT projects ... Finish Audit Office analyzed results of poor cooperation between authorities on national and local level in social and health care projects: difficult integration of information systems and poor ... coordination of the financing information technology projects, including double financing.
Full description
information system services (KanTa project) or the National Project for Social Services IT (Tikesos project). Financing has been provided by the Ministry of Social Affairs and H ealth, the Finnish Funding ... to enterprises by Tekes or financing granted by the Finnish Innovation Fund (Sitra) for IT projects in social and health care. ... In 2000-2009 about 180 million euros in national and European Union funds went to finance information technology projects in social and health care, not including the costs of developing national ... Difficult coordination of IT projects ... Finish Audit Office analyzed results of poor cooperation between authorities on national and local level in social and health care projects: difficult integration of information systems and poor ... coordination of the financing information technology projects, including double financing.
Full description
National Audit Office of Finland
, issued in 2011
Risk cases: 3
Insufficient monitoring of consultancy work in large-scale IT projects
Insufficient monitoring of consultancy work in large-scale IT projects The German Federal Ministry of the Interior did not sufficiently plan, monitor and control consultancy work in two large-scale IT projects, not being thus able to evaluate the amount of work done and pay accordingly. It was recommended by SAI the establishment of a quality management system and its application mandatory for large-scale IT projects
Full description
Insufficient monitoring of consultancy work in large-scale IT projects The German Federal Ministry of the Interior did not sufficiently plan, monitor and control consultancy work in two large-scale IT projects, not being thus able to evaluate the amount of work done and pay accordingly. It was recommended by SAI the establishment of a quality management system and its application mandatory for large-scale IT projects
Full description
Bundesrechnungshof
, issued in 2017
Risk cases: 1
Cyber security resilience of the Danish public sector II
Danish NAO underlines that public authorities depend on IT to deliver their services. Thus, major IT problems and loss of data relating to critical IT systems can have far-reaching consequences for the government, citizens and companies. The audit focused on IT contingency plans, secure continuity of operations and mitigation of the consequences of system breakdowns or data losses in the event of major IT breakdowns. Approximately 90 of the government's IT systems are assessed to be critical by the departments.
Full description
Danish NAO underlines that public authorities depend on IT to deliver their services. Thus, major IT problems and loss of data relating to critical IT systems can have far-reaching consequences for the government, citizens and companies. The audit focused on IT contingency plans, secure continuity of operations and mitigation of the consequences of system breakdowns or data losses in the event of major IT breakdowns. Approximately 90 of the government's IT systems are assessed to be critical by the departments.
Full description
National Audit Office of Denmark
, issued in 2023
Risk cases: $risks.size()