77
results found in
8 ms
Page 1
of 8
Management of IT security in systems outsourced to external suppliers
Security to be improved in IT processes outsourced to external suppliers When IT processes are outsourced to external suppliers, the authorities no longer have direct control of the IT security, but remain responsible for managing the security of the IT. Authorities that fail to manage IT security actively based on risk assessments, and omit to monitor the implementation of these requirements, will not be able to determine if the level of IT security in the outsourced systems safeguards their systems and data. This is how the conclusion of the Rigsrevisionen starts. The Danish auditors noticed improvement in the audited entities, but they add that tha majority of the auditees: can refine their requirements for and follow-up on access control and logging practices
Full description
Security to be improved in IT processes outsourced to external suppliers When IT processes are outsourced to external suppliers, the authorities no longer have direct control of the IT security, but remain responsible for managing the security of the IT. Authorities that fail to manage IT security actively based on risk assessments, and omit to monitor the implementation of these requirements, will not be able to determine if the level of IT security in the outsourced systems safeguards their systems and data. This is how the conclusion of the Rigsrevisionen starts. The Danish auditors noticed improvement in the audited entities, but they add that tha majority of the auditees: can refine their requirements for and follow-up on access control and logging practices
Full description
National Audit Office of Denmark
, issued in 2016
Risk cases: 3
IT security in the Federal Administration
The SFAO has audited the Admin PKI – the basic infrastructure and offering for the issuing of digital certificates – within the Federal Office of Information Technology, Systems and Telecommunication ... (FOITT). The examination concentrated on assessing the development and current operation as well as future prospects. Admin PKI refers to all processes and the hardware and software needed for issuing ... certificates of different grades. ... Technical and organizational deficiencies work together against data security ... Only minor deficiencies were revealed in the Windows environment but only in case of Microsoft products.Providers' lack of both assertiveness and synergy adds to 'the great unknown' of authonomous ... entities' networks.
Full description
The SFAO has audited the Admin PKI – the basic infrastructure and offering for the issuing of digital certificates – within the Federal Office of Information Technology, Systems and Telecommunication ... (FOITT). The examination concentrated on assessing the development and current operation as well as future prospects. Admin PKI refers to all processes and the hardware and software needed for issuing ... certificates of different grades. ... Technical and organizational deficiencies work together against data security ... Only minor deficiencies were revealed in the Windows environment but only in case of Microsoft products.Providers' lack of both assertiveness and synergy adds to 'the great unknown' of authonomous ... entities' networks.
Full description
Swiss Federal Audit Office
, issued in 2011
Risk cases: 4
The protection of IT systems and health data in three Danish regions
Security to be improved in IT systems with health data It is Rigsrevisionen’s assessment that the three regions are not protecting the access to IT systems and health data in a satisfactory manner. As a consequence, unauthorised persons might gain access to sensitive and confidential personal data, which could affect there liability and availability of important health data used in the treatment of hospital patients. Based on the results of the study and the current threat scenario, Rigsrevisionen finds that basic security measures against cyber attacks and protection of access to IT systems and health data should be a top priority for Denmark’s five regions. Basic security measures in combination with management and control of user privileges can reduce the risk of compromising the regions’ IT systems and data considerably.
Full description
Security to be improved in IT systems with health data It is Rigsrevisionen’s assessment that the three regions are not protecting the access to IT systems and health data in a satisfactory manner. As a consequence, unauthorised persons might gain access to sensitive and confidential personal data, which could affect there liability and availability of important health data used in the treatment of hospital patients. Based on the results of the study and the current threat scenario, Rigsrevisionen finds that basic security measures against cyber attacks and protection of access to IT systems and health data should be a top priority for Denmark’s five regions. Basic security measures in combination with management and control of user privileges can reduce the risk of compromising the regions’ IT systems and data considerably.
Full description
National Audit Office of Denmark
, issued in 2018
Risk cases: 3
Insufficient monitoring of consultancy work in large-scale IT projects
Insufficient monitoring of consultancy work in large-scale IT projects The German Federal Ministry of the Interior did not sufficiently plan, monitor and control consultancy work in two large-scale IT projects, not being thus able to evaluate the amount of work done and pay accordingly. It was recommended by SAI the establishment of a quality management system and its application mandatory for large-scale IT projects
Full description
Insufficient monitoring of consultancy work in large-scale IT projects The German Federal Ministry of the Interior did not sufficiently plan, monitor and control consultancy work in two large-scale IT projects, not being thus able to evaluate the amount of work done and pay accordingly. It was recommended by SAI the establishment of a quality management system and its application mandatory for large-scale IT projects
Full description
Bundesrechnungshof
, issued in 2017
Risk cases: 1
General and Creation Control of the Information Systems of the Ministry of Foreign Affairs
The objective of the audit was to assess general and creation control of the information systems of the Ministry of Foreign Affairs. Since the beginning of 2009, the Ministry of Foreign Affairs has ... achieved considerable progress in the management of the information systems. The auditors reviewed and assessed all key elements of the process. ... Overview of problems - area by area ... SAI Lithuania looked into all critical elements of a Ministry's information system, starting from IT architecture, through information security to automation of data processing.
Full description
The objective of the audit was to assess general and creation control of the information systems of the Ministry of Foreign Affairs. Since the beginning of 2009, the Ministry of Foreign Affairs has ... achieved considerable progress in the management of the information systems. The auditors reviewed and assessed all key elements of the process. ... Overview of problems - area by area ... SAI Lithuania looked into all critical elements of a Ministry's information system, starting from IT architecture, through information security to automation of data processing.
Full description
National Audit Office of the Republic of Lithuania
, issued in 2013
Risk cases: 4
Extract from the report to the Public Accounts Committee on the access to IT systems that support the provision of essential services to the Danish society
The report is focused on the significant risk that is associated with inadequate management and control of domain administrator privileges, which makes it possible for unauthorized persons to obtain ... access to the IT systems and data of the institutions. Rigsrevisionen has not examined for what specific purposes unauthorized access to the institutions’ systems and data can be used. ... ... Inadequate management and control of domain administrator privileges ... The Danish report concerns the measures - taken by six government institutions of various branches of State activities - to protect IT systems and data that support the provision of essential ... services to the Danish society from unauthorized access, obtained on the basis of domain administrator privileges.
Full description
The report is focused on the significant risk that is associated with inadequate management and control of domain administrator privileges, which makes it possible for unauthorized persons to obtain ... access to the IT systems and data of the institutions. Rigsrevisionen has not examined for what specific purposes unauthorized access to the institutions’ systems and data can be used. ... ... Inadequate management and control of domain administrator privileges ... The Danish report concerns the measures - taken by six government institutions of various branches of State activities - to protect IT systems and data that support the provision of essential ... services to the Danish society from unauthorized access, obtained on the basis of domain administrator privileges.
Full description
National Audit Office of Denmark
, issued in 2015
Risk cases: 4
Improved Planning and Performance Measures Are Needed to Help Ensure Successful Technology Modernization
Massive modernization effort needs coordination Social security issues can touch lives of many. Information technology in this area are increasingly costly and difficult to maintain. GAO is recommending to develop comprehensive metrics to effectively gauge modernization progress; complete comprehensive strategic planning, including its enterprise architecture; and define the new roles and responsibilities to help ensure effective oversight.
Full description
Massive modernization effort needs coordination Social security issues can touch lives of many. Information technology in this area are increasingly costly and difficult to maintain. GAO is recommending to develop comprehensive metrics to effectively gauge modernization progress; complete comprehensive strategic planning, including its enterprise architecture; and define the new roles and responsibilities to help ensure effective oversight.
Full description
General Accountability Office
, issued in 2012
Risk cases: 3
Management of Police Information Resources
Police tasks of the necessary data are processed departmental registers, information systems, automated data processing systems and networks where information is stored, processed and transferred ... to the classified information. The police department has all of these information resources, so the audit focused on the activities and actions of the Department to ensure planning and organizing of the recourses ... , monitoring, evaluation and coordination and other aspects of registers and IS strategic management. The audited period was 2012-2014. For the analysis, there were used previous data and data of 2015 ... ... Fundamentals of IT organisation ... and well understood architecture of information. Well functioning IT management structures, which on the other hand may sound trivial, were proved here as the key to success. ... Review by SAI Lithuania makes readers aware that nowadays it is difficult to develop a larger IT system without whole conceptual infrastracture: planning composed into strategy of the organisation
Full description
Police tasks of the necessary data are processed departmental registers, information systems, automated data processing systems and networks where information is stored, processed and transferred ... to the classified information. The police department has all of these information resources, so the audit focused on the activities and actions of the Department to ensure planning and organizing of the recourses ... , monitoring, evaluation and coordination and other aspects of registers and IS strategic management. The audited period was 2012-2014. For the analysis, there were used previous data and data of 2015 ... ... Fundamentals of IT organisation ... and well understood architecture of information. Well functioning IT management structures, which on the other hand may sound trivial, were proved here as the key to success. ... Review by SAI Lithuania makes readers aware that nowadays it is difficult to develop a larger IT system without whole conceptual infrastracture: planning composed into strategy of the organisation
Full description
National Audit Office of the Republic of Lithuania
, issued in 2015
Risk cases: 4
IT Police Systems
Implementation by the Polish Police of two IT projects (E-police station and Command Support System - CSS) was audited. Both systems were to relieve the Police officers and increase the quality ... and effectiveness of their work. Audit explained the reason of failure in the case of E-police station project and success in the case of CSS. Although some irregularities occurred in both cases, careful planning ... and organization of the project turned out to make the difference. Accordance with the public procurement law was not part of the audit as a separate investigation in that matter was carried by respective Polish ... ... A textbook example of how not to implement the IT projects ... Polish NIK compared the implementation of two flagship IT projects of the Police HQ: successful 'Command Support System' and problematic 'E-police station'. List of interesting problems appeared...
Full description
Implementation by the Polish Police of two IT projects (E-police station and Command Support System - CSS) was audited. Both systems were to relieve the Police officers and increase the quality ... and effectiveness of their work. Audit explained the reason of failure in the case of E-police station project and success in the case of CSS. Although some irregularities occurred in both cases, careful planning ... and organization of the project turned out to make the difference. Accordance with the public procurement law was not part of the audit as a separate investigation in that matter was carried by respective Polish ... ... A textbook example of how not to implement the IT projects ... Polish NIK compared the implementation of two flagship IT projects of the Police HQ: successful 'Command Support System' and problematic 'E-police station'. List of interesting problems appeared...
Full description
Supreme Audit Office of Poland
, issued in 2013
Risk cases: 5
Management of Information Resources of the Ministry of the Interior
information systems. Whereas the Ministry has failed to implement some of the public audit recommendations of 2007 and 2010,6 we analysed, whether there have been any positive changes in the field of IT ... of the Schengen collaboration tools. The quality of IT management in the Ministry shall also affect the activities of other state institutions: from 05/01/206, the list of public information resources consolidation ... works is being implemented7 and the Information Technology and Communications Department under the Ministry of the Interior was appointed one of the four public IT service providers. <br/> The purpose ... ... Process maturity examination can help in IT audit ... Main risk areas in case of this audit were strategic and organisational - Ministry’s weak ownership of IT resources, insufficient audit and internal control function. SAI Lithuania auditors found ... also flaws in change management and security processes. But the finding, which gave them the key to the root cause of problems, was connected with maturity assessment of the auditee's IT processes.
Full description
information systems. Whereas the Ministry has failed to implement some of the public audit recommendations of 2007 and 2010,6 we analysed, whether there have been any positive changes in the field of IT ... of the Schengen collaboration tools. The quality of IT management in the Ministry shall also affect the activities of other state institutions: from 05/01/206, the list of public information resources consolidation ... works is being implemented7 and the Information Technology and Communications Department under the Ministry of the Interior was appointed one of the four public IT service providers. <br/> The purpose ... ... Process maturity examination can help in IT audit ... Main risk areas in case of this audit were strategic and organisational - Ministry’s weak ownership of IT resources, insufficient audit and internal control function. SAI Lithuania auditors found ... also flaws in change management and security processes. But the finding, which gave them the key to the root cause of problems, was connected with maturity assessment of the auditee's IT processes.
Full description
National Audit Office of the Republic of Lithuania
, issued in 2016
Risk cases: 4