111
results found in
12 ms
Page 3
of 12
Extract from the report to the Public Accounts Committee on the access to IT systems that support the provision of essential services to the Danish society
The report is focused on the significant risk that is associated with inadequate management and control of domain administrator privileges, which makes it possible for unauthorized persons to obtain ... access to the IT systems and data of the institutions. Rigsrevisionen has not examined for what specific purposes unauthorized access to the institutions’ systems and data can be used. ... ... Inadequate management and control of domain administrator privileges ... The Danish report concerns the measures - taken by six government institutions of various branches of State activities - to protect IT systems and data that support the provision of essential ... services to the Danish society from unauthorized access, obtained on the basis of domain administrator privileges.
Full description
The report is focused on the significant risk that is associated with inadequate management and control of domain administrator privileges, which makes it possible for unauthorized persons to obtain ... access to the IT systems and data of the institutions. Rigsrevisionen has not examined for what specific purposes unauthorized access to the institutions’ systems and data can be used. ... ... Inadequate management and control of domain administrator privileges ... The Danish report concerns the measures - taken by six government institutions of various branches of State activities - to protect IT systems and data that support the provision of essential ... services to the Danish society from unauthorized access, obtained on the basis of domain administrator privileges.
Full description
National Audit Office of Denmark
, issued in 2015
Risk cases: 4
Coordinated Audit on Information Technology Governance
IT governance needs awareness and SAIs' support The OLACEFS auditors found that the greatest challenge for the SAIs is to raise the awareness of the audit institutions about the importance of IT governance and the benefits that could be obtained by improving its degree of maturity. The audit was conducted by 11 SAIs and coordinated by TCU of Brasil. They concluded: 'It is important, even urgent, to invest resources to implement or enhance: the IT committees; the IT planning process; strategic IT planning; monitoring the IT contracting process; the business continuity plan; the designation of a responsible person or unit to manage security information; a risk management process; an asset inventory process; an information security committee; and a policy for access control.'
Full description
IT governance needs awareness and SAIs' support The OLACEFS auditors found that the greatest challenge for the SAIs is to raise the awareness of the audit institutions about the importance of IT governance and the benefits that could be obtained by improving its degree of maturity. The audit was conducted by 11 SAIs and coordinated by TCU of Brasil. They concluded: 'It is important, even urgent, to invest resources to implement or enhance: the IT committees; the IT planning process; strategic IT planning; monitoring the IT contracting process; the business continuity plan; the designation of a responsible person or unit to manage security information; a risk management process; an asset inventory process; an information security committee; and a policy for access control.'
Full description
Risk cases: 5
The development and use of identification services in public administration
The audit examined the implementation and coordination of projects aimed at developing identification services in public administration, cooperation among authorities in this area and compliance ... with legislation in procuring services. The audit also examined development, control and monitoring structures regarding identification services. The audit focused on electronic identification services that are used ... in public administration's electronic transactions. ... ... Unhealthy competition linked with lack of coordinatnion and with procurement irregularities ... of Finland identified also risks resulting from lack of horizontal coordination. ... See what may go wrong with the IT public procurement. Check out what is the basis to avoid irregularities or omissions in complying with public procurement legislation. National Audit Office
Full description
The audit examined the implementation and coordination of projects aimed at developing identification services in public administration, cooperation among authorities in this area and compliance ... with legislation in procuring services. The audit also examined development, control and monitoring structures regarding identification services. The audit focused on electronic identification services that are used ... in public administration's electronic transactions. ... ... Unhealthy competition linked with lack of coordinatnion and with procurement irregularities ... of Finland identified also risks resulting from lack of horizontal coordination. ... See what may go wrong with the IT public procurement. Check out what is the basis to avoid irregularities or omissions in complying with public procurement legislation. National Audit Office
Full description
National Audit Office of Finland
, issued in 2008
Risk cases: 3
The protection of IT systems and health data in three Danish regions
Security to be improved in IT systems with health data It is Rigsrevisionen’s assessment that the three regions are not protecting the access to IT systems and health data in a satisfactory manner. As a consequence, unauthorised persons might gain access to sensitive and confidential personal data, which could affect there liability and availability of important health data used in the treatment of hospital patients. Based on the results of the study and the current threat scenario, Rigsrevisionen finds that basic security measures against cyber attacks and protection of access to IT systems and health data should be a top priority for Denmark’s five regions. Basic security measures in combination with management and control of user privileges can reduce the risk of compromising the regions’ IT systems and data considerably.
Full description
Security to be improved in IT systems with health data It is Rigsrevisionen’s assessment that the three regions are not protecting the access to IT systems and health data in a satisfactory manner. As a consequence, unauthorised persons might gain access to sensitive and confidential personal data, which could affect there liability and availability of important health data used in the treatment of hospital patients. Based on the results of the study and the current threat scenario, Rigsrevisionen finds that basic security measures against cyber attacks and protection of access to IT systems and health data should be a top priority for Denmark’s five regions. Basic security measures in combination with management and control of user privileges can reduce the risk of compromising the regions’ IT systems and data considerably.
Full description
National Audit Office of Denmark
, issued in 2018
Risk cases: 3
Audit on the broadband internet infrastructure access
of assumed financing was contracted, namely PLN 3.9 billion. By the end of 2015, Poland should complete the investment and account for the expenses. According to NIK there is a risk that the infrastructure ... Poland has been granted over PLN 4 billion from the European Regional Development Fund to build the broadband internet access infrastructure. As part of three operational programmes 90 percent ... construction will not be completed by the deadline and the EU funds may not be used to the full. ... ... Simpler regulations and better supervision needed ... Polish SAI audited a project, which aim had been to develop broadband internet network across the country. They revealed that legal obstacles, idleness and lack of supervision were the main causes ... of delays. Some of the projects are in danger of not being completed on time and some of the EU funds may not be fully used.
Full description
of assumed financing was contracted, namely PLN 3.9 billion. By the end of 2015, Poland should complete the investment and account for the expenses. According to NIK there is a risk that the infrastructure ... Poland has been granted over PLN 4 billion from the European Regional Development Fund to build the broadband internet access infrastructure. As part of three operational programmes 90 percent ... construction will not be completed by the deadline and the EU funds may not be used to the full. ... ... Simpler regulations and better supervision needed ... Polish SAI audited a project, which aim had been to develop broadband internet network across the country. They revealed that legal obstacles, idleness and lack of supervision were the main causes ... of delays. Some of the projects are in danger of not being completed on time and some of the EU funds may not be fully used.
Full description
Supreme Audit Office of Poland
, issued in 2015
Risk cases: 2
Report on the government’s processing of confidential data on persons and companies
Rigsrevisionen has examined how eight government institutions process confidential data on persons and companies in 11 selected IT systems. The report is based on IT audits carried out in connection ... with the annual audit in the spring 2014. The purpose of the audit was to assess whether confidential data on persons and companies are adequately protected by the government institutions. ... ... Inadequate protection of confidential data ... If a government institution does not protect confidential data to the extent necessary, the risk that third parties get unauthorized access to the data is very high. In opinion of the Danish SAI ... , inadequate protection of confidential data may also erode the citizens’ and companies’ confidence in government data security. That may eventually become a barrier for the continued efforts to implement ... e-government and make government administration more efficient.
Full description
Rigsrevisionen has examined how eight government institutions process confidential data on persons and companies in 11 selected IT systems. The report is based on IT audits carried out in connection ... with the annual audit in the spring 2014. The purpose of the audit was to assess whether confidential data on persons and companies are adequately protected by the government institutions. ... ... Inadequate protection of confidential data ... If a government institution does not protect confidential data to the extent necessary, the risk that third parties get unauthorized access to the data is very high. In opinion of the Danish SAI ... , inadequate protection of confidential data may also erode the citizens’ and companies’ confidence in government data security. That may eventually become a barrier for the continued efforts to implement ... e-government and make government administration more efficient.
Full description
National Audit Office of Denmark
, issued in 2014
Risk cases: 2
Copyright Office Needs to Develop Plans that Address Technical and Organizational Challenges
The mission of the Copyright Office, a service unit within the Library of Congress, is to promote creativity by administering and sustaining a national copyright system. As part of this mission ... , the Copyright Office registers about 500,000 creative works a year for copyright and records documentation related to copyright transfer and sale. In recent years, the Register of Copyrights has discussed ... the need for a modernized Copyright Office, to include upgrades to the current IT environment. ... No justified investments without IT strategy ... difficult to solve practical problems, but it can also put the overall mission of the Office at risk. ... GAO shows in its report on the US Copyright Office, what is a role of IT strategy in organisaion. Effects can be found at the bottom and at the top: the lack of strategic plan can make it more
Full description
The mission of the Copyright Office, a service unit within the Library of Congress, is to promote creativity by administering and sustaining a national copyright system. As part of this mission ... , the Copyright Office registers about 500,000 creative works a year for copyright and records documentation related to copyright transfer and sale. In recent years, the Register of Copyrights has discussed ... the need for a modernized Copyright Office, to include upgrades to the current IT environment. ... No justified investments without IT strategy ... difficult to solve practical problems, but it can also put the overall mission of the Office at risk. ... GAO shows in its report on the US Copyright Office, what is a role of IT strategy in organisaion. Effects can be found at the bottom and at the top: the lack of strategic plan can make it more
Full description
General Accountability Office
, issued in 2015
Risk cases: 2
Operation of the Record Systems Applied in the Eligibility Scheme of Benefits and Services Provided from the Social Security Funds
Hungarian SAI evaluated the set-up and operation of the basic registries of managing bodies (National Health Insurance Fund, Central Administration of National Pension Insurance, National Tax ... and Customs Administration), as well as the dataflow amongst them. In addition, the control system of fulfilling the data provision obligation was evaluated, as well as the IT support activities and whether ... the records had proven reliable in supporting services in compliance with eligibilities and in filtering unjustified services. The audited period covered the years 2007-2010. ... ... Well considered regulations are essential for good quality data ... State Audit Office of Hungary.has proved that date safety may depend on quality of regulations. The report on record systems of social security services casted light on risk connected with huge data ... bases managed by different entities, in a changing legal environment.
Full description
Hungarian SAI evaluated the set-up and operation of the basic registries of managing bodies (National Health Insurance Fund, Central Administration of National Pension Insurance, National Tax ... and Customs Administration), as well as the dataflow amongst them. In addition, the control system of fulfilling the data provision obligation was evaluated, as well as the IT support activities and whether ... the records had proven reliable in supporting services in compliance with eligibilities and in filtering unjustified services. The audited period covered the years 2007-2010. ... ... Well considered regulations are essential for good quality data ... State Audit Office of Hungary.has proved that date safety may depend on quality of regulations. The report on record systems of social security services casted light on risk connected with huge data ... bases managed by different entities, in a changing legal environment.
Full description
State Audit Office of Hungary
, issued in 2012
Risk cases: 2
Audit of the key ICT project federal GEVER programme Federal Chancellery
During the first stage, two new GEVER (electronic records and process management) products were procured in an open WTO tender within the framework of the two-product strategy (federal GEVER WTO ... procurement project). CHF 1.6 million was spent on these. The departments and Federal Chancellery (departments/FCh) had to choose one of the two products within three months of the contract being awarded. ... ... Advanced process management system's cost-effectiveness and deadlines at risk ... Ever since 1990, sequential controls and file management have been part of the Federal Administration's IT landscape (GEVER business administration). Significant obstacles have to be overcome ... in order to ensure the successful creation and introduction of GEVER. Previous efforts did not have any widespread success and led to a diverse GEVER landscape. The federal GEVER project has now laid ... the foundations for simplification and centralisation.
Full description
During the first stage, two new GEVER (electronic records and process management) products were procured in an open WTO tender within the framework of the two-product strategy (federal GEVER WTO ... procurement project). CHF 1.6 million was spent on these. The departments and Federal Chancellery (departments/FCh) had to choose one of the two products within three months of the contract being awarded. ... ... Advanced process management system's cost-effectiveness and deadlines at risk ... Ever since 1990, sequential controls and file management have been part of the Federal Administration's IT landscape (GEVER business administration). Significant obstacles have to be overcome ... in order to ensure the successful creation and introduction of GEVER. Previous efforts did not have any widespread success and led to a diverse GEVER landscape. The federal GEVER project has now laid ... the foundations for simplification and centralisation.
Full description
Swiss Federal Audit Office
, issued in 2015
Risk cases: 2
Report to the Public AccountsCommittee on mitigation of cyber attacks
have addressed the risk of cyber attacks and whether they have implemented these three security controls. ... This report concerns the action taken by Danish government bodies to prevent cyber attacks. Behaving sensibly in cyberspace to avoid attacks is important, but should be supplemented by technical ... security controls that can increase security and mitigate cyber attacks. International studies have concluded that three central security controls can prevent the majority of the currently known types ... Three basic security measures are often neglected ... Government agencies are open for cyber attacks because they often forget to respect three basic IT security measures. The three measures are: 1. technical restriction on programs downloading; 2 ... . limited use of local administrators rights; 3. systematic software updates.
Full description
have addressed the risk of cyber attacks and whether they have implemented these three security controls. ... This report concerns the action taken by Danish government bodies to prevent cyber attacks. Behaving sensibly in cyberspace to avoid attacks is important, but should be supplemented by technical ... security controls that can increase security and mitigate cyber attacks. International studies have concluded that three central security controls can prevent the majority of the currently known types ... Three basic security measures are often neglected ... Government agencies are open for cyber attacks because they often forget to respect three basic IT security measures. The three measures are: 1. technical restriction on programs downloading; 2 ... . limited use of local administrators rights; 3. systematic software updates.
Full description
National Audit Office of Denmark
, issued in 2013
Risk cases: 3