22
results found in
8 ms
Page 1
of 3
Cyber Attacks: Securing Agencies’ICT Systems
. In the government sector, the Australian Signals Directorate (ASD)3 has estimated that between January and December 2012, there were over 1790 security incidents against Australian Government agencies. Of these, 685 ... responsibility of agencies, having regard to their business operations and specific risks. In the context of a national government, those risks can range from threats to national security through to the disclosure ... agencies compliance with the four mandatory ICT security strategies and related controls in the Australian Government Information Security Manual (ISM). The audit also considered the overall ICT security ... ... Cyber-security strategy needs consistent implementation and periodic reviews ... List of 35 mitigation controls against cyber intrusions are a basic tool of information security strategy of the Australian Government. Top four are: 1. application whitelisting, 2. patching ... application, 3. patching operating systems, 4. minimising administrative privileges. Analysis by the ANAO helps to fill gaps and to direct next steps.
Full description
. In the government sector, the Australian Signals Directorate (ASD)3 has estimated that between January and December 2012, there were over 1790 security incidents against Australian Government agencies. Of these, 685 ... responsibility of agencies, having regard to their business operations and specific risks. In the context of a national government, those risks can range from threats to national security through to the disclosure ... agencies compliance with the four mandatory ICT security strategies and related controls in the Australian Government Information Security Manual (ISM). The audit also considered the overall ICT security ... ... Cyber-security strategy needs consistent implementation and periodic reviews ... List of 35 mitigation controls against cyber intrusions are a basic tool of information security strategy of the Australian Government. Top four are: 1. application whitelisting, 2. patching ... application, 3. patching operating systems, 4. minimising administrative privileges. Analysis by the ANAO helps to fill gaps and to direct next steps.
Full description
The Australian National Audit Office
, issued in 2014
Risk cases: 3
Incorrect payments in social insurance - Control activities of the Swedish Social Insurance Agency
/> The Swedish NAO audited the work of the Government and the Swedish Social Insurance Agency to prevent incorrect payments in the period 2012–2015. The audit focused on the benefits for which the Swedish Social ... Insurance Agency is responsible. The audited benefits account for half of the insurance expenditure, half of the payments that are incorrect and for more than 70 per cent of the amount the Swedish Social ... Insurance Agency demands back every year. These benefits are assistance allowance, housing allowance, sickness compensation, parental benefit and temporary parental benefit. The selection is deemed to provide ... Balance of priorities needed to reduce incorrect payments ... Agency in this regard. However they found also, that serious problems can stem from giving higher priority to the speed of payment and customers satisfaction. They both are undoubtedly important features ... Role of social insurance in public finance is so substantial that reduction of incorrect payments' volume is matter of huge savings. The Swedish NAO noted positive initiatives by the Social Insurance ... of each system, still, the prevention of incorrect payments needs strategic support to be really effective.
Full description
/> The Swedish NAO audited the work of the Government and the Swedish Social Insurance Agency to prevent incorrect payments in the period 2012–2015. The audit focused on the benefits for which the Swedish Social ... Insurance Agency is responsible. The audited benefits account for half of the insurance expenditure, half of the payments that are incorrect and for more than 70 per cent of the amount the Swedish Social ... Insurance Agency demands back every year. These benefits are assistance allowance, housing allowance, sickness compensation, parental benefit and temporary parental benefit. The selection is deemed to provide ... Balance of priorities needed to reduce incorrect payments ... Agency in this regard. However they found also, that serious problems can stem from giving higher priority to the speed of payment and customers satisfaction. They both are undoubtedly important features ... Role of social insurance in public finance is so substantial that reduction of incorrect payments' volume is matter of huge savings. The Swedish NAO noted positive initiatives by the Social Insurance ... of each system, still, the prevention of incorrect payments needs strategic support to be really effective.
Full description
Swedish National Audit Office
, issued in 2016
Risk cases: 3
The National Government Service Centre – Has administration become more effective?
The purpose of this audit has been to investigate whether the Service Centre has made administrative operational support functions taken over from client agencies more effective, and to find ... explanations for the results so far achieved by the Service Centre. The audit has also aspired to illustrate how agencies that do not subscribe to the services regard their potential for doing so ... . These viewpoints have been analysed with a special focus on the conditions that applied to the Service Centre when it was formed and the measures taken by the Government and the Service Centre in the first years. ... ... Has Swedish public administration become more effective? ... The Service Centre – payroll and financial administration IT system for Swedish public agencies under the government – has achieved the target of a subscription rate of 25 per cent of the total ... of agencies' subscription to the Service Centre’s services was limited to start with. For example, the Service Centre’s operational targets for subscription did not refer to agency size, which is important ... in achieving economies of scale. In addition, the Government has instructed agencies to review the question of subscription and report their reasons for delaying subscription.
Full description
The purpose of this audit has been to investigate whether the Service Centre has made administrative operational support functions taken over from client agencies more effective, and to find ... explanations for the results so far achieved by the Service Centre. The audit has also aspired to illustrate how agencies that do not subscribe to the services regard their potential for doing so ... . These viewpoints have been analysed with a special focus on the conditions that applied to the Service Centre when it was formed and the measures taken by the Government and the Service Centre in the first years. ... ... Has Swedish public administration become more effective? ... The Service Centre – payroll and financial administration IT system for Swedish public agencies under the government – has achieved the target of a subscription rate of 25 per cent of the total ... of agencies' subscription to the Service Centre’s services was limited to start with. For example, the Service Centre’s operational targets for subscription did not refer to agency size, which is important ... in achieving economies of scale. In addition, the Government has instructed agencies to review the question of subscription and report their reasons for delaying subscription.
Full description
Swedish National Audit Office
, issued in 2016
Risk cases: 2
IT Support in the Judicial Chain
The Swedish National Audit Office has examined how well agencies in the judicial chain have handled known flaws in their IT support and whether the Government’s control mechanisms have provided ... the agencies with sufficient prerequisites to expand and improve IT support. ... ... Needed: good conditions by government, better steering and control by authorities ... Despite many years’ of work to modernize the IT support within the judiciary, there are still many deficiencies. The Government has not given the authorities good conditions enough to lead the work ... . The authorities, in their turn, need to improve their steering and control, as well as interact to a much higher degree.
Full description
The Swedish National Audit Office has examined how well agencies in the judicial chain have handled known flaws in their IT support and whether the Government’s control mechanisms have provided ... the agencies with sufficient prerequisites to expand and improve IT support. ... ... Needed: good conditions by government, better steering and control by authorities ... Despite many years’ of work to modernize the IT support within the judiciary, there are still many deficiencies. The Government has not given the authorities good conditions enough to lead the work ... . The authorities, in their turn, need to improve their steering and control, as well as interact to a much higher degree.
Full description
Swedish National Audit Office
, issued in 2011
Risk cases: 3
Quality of public services in information society in 2010
. Information about the services is still difficult to find on websites and people who use public services must still submit unjustified documents, proof of facts or go to administrative agencies in person ... if this is acceptable to the person in question. Even though state and local government agencies have made efforts to implement the principles of good administration, the National Audit Office cannot affirm ... The National Audit Office found that irrespective of a few positive changes, the quality of provision of public services in information society has not improved significantly in comparison to 2007 ... ... The quality of public services has been improved but still isn’t good enough ... is still difficult to find on websites and people who use public services must still submit unjustified documents, proof of facts or go to administrative agencies in person. ... Irrespective of a few positive changes, the quality of provision of public services in information society has not improved significantly in comparison to 2007. Information about the services
Full description
. Information about the services is still difficult to find on websites and people who use public services must still submit unjustified documents, proof of facts or go to administrative agencies in person ... if this is acceptable to the person in question. Even though state and local government agencies have made efforts to implement the principles of good administration, the National Audit Office cannot affirm ... The National Audit Office found that irrespective of a few positive changes, the quality of provision of public services in information society has not improved significantly in comparison to 2007 ... ... The quality of public services has been improved but still isn’t good enough ... is still difficult to find on websites and people who use public services must still submit unjustified documents, proof of facts or go to administrative agencies in person. ... Irrespective of a few positive changes, the quality of provision of public services in information society has not improved significantly in comparison to 2007. Information about the services
Full description
National Audit Office of Estonia
, issued in 2010
Risk cases: 2
Performance Audit of the Management of ICT in the Criminal Justice Sector
The Norwegian OAG has assesed how the Ministry of Justice and Public Security has discharged its responsibility for effiecient case processing through developing and applying Information ... and Communications Technology (ICT) in the criminal justice sector ... ... Unclear signals from a Ministry weaken development of ICT in the justice chain ... reporting from the subordinate agencies, ensuring that the new ICT Police System takes into account other sub-sectors need for electronic interaction. ... Points by SAI Norway: development of an overall rolling action plan based on the current ICT (Information and Communication Technology) strategy for the justice sector, performance-oriented
Full description
The Norwegian OAG has assesed how the Ministry of Justice and Public Security has discharged its responsibility for effiecient case processing through developing and applying Information ... and Communications Technology (ICT) in the criminal justice sector ... ... Unclear signals from a Ministry weaken development of ICT in the justice chain ... reporting from the subordinate agencies, ensuring that the new ICT Police System takes into account other sub-sectors need for electronic interaction. ... Points by SAI Norway: development of an overall rolling action plan based on the current ICT (Information and Communication Technology) strategy for the justice sector, performance-oriented
Full description
Office of the Auditor General of Norway
, issued in 2012
Risk cases: 2
Report to on the user-friendliness and user involvement in the development of e-government services in Denmark
e-government services: - NemID (EasyID – the Danish public sector common digital signature solution), The Danish Agency for Digitisation (the Ministry of Finance); - TastSelv Borger (E-tax self-service ... The e-government user-friendliness requirements are divided into five overall categories: language, design and flow, data and functionality, and accessibility. 1) The objective of the study ... is to provide an assessment of the authorities’ efforts to ensure that e-government services are user-friendly. The report answers the following questions: - Have the authorities involved the users ... ... User-friendliness of public services should be consistenty required and tested ... The Danish Rigsrevisionen is of the opinion that the user-friendliness of the services can be improved if the authorities meet all the requirements of the Danish Agency for Digitisation concerning ... the matter. The audit covered user-friendliness related problems in case of five systems, before and after the launch. The systems take-up was also considered, as well as communicating with citizens who ... are unable to use digital services.
Full description
e-government services: - NemID (EasyID – the Danish public sector common digital signature solution), The Danish Agency for Digitisation (the Ministry of Finance); - TastSelv Borger (E-tax self-service ... The e-government user-friendliness requirements are divided into five overall categories: language, design and flow, data and functionality, and accessibility. 1) The objective of the study ... is to provide an assessment of the authorities’ efforts to ensure that e-government services are user-friendly. The report answers the following questions: - Have the authorities involved the users ... ... User-friendliness of public services should be consistenty required and tested ... The Danish Rigsrevisionen is of the opinion that the user-friendliness of the services can be improved if the authorities meet all the requirements of the Danish Agency for Digitisation concerning ... the matter. The audit covered user-friendliness related problems in case of five systems, before and after the launch. The systems take-up was also considered, as well as communicating with citizens who ... are unable to use digital services.
Full description
National Audit Office of Denmark
, issued in 2013
Risk cases: 2
Submission of data to national databases in municipalities, towns and cities
The National Audit Office analysed the activities of the database managers following a ruling made by the Supreme Court in 2010, which stated that the public functions assigned to local authorities ... must be clearly financed from the state budget. It was also assessed whether the measures taken by database managers have been sufficient to guarantee that local authorities submit all required data ... and that these data are correct. ... ... Funds as basic factor of data processing ... The NAO of Estonia audited the activities of state agencies in the management of the database selected for the audit, to which local authorities are obliged to submit data. It was found that in most ... cases the state does not compensate the costs of data submission for local governments.
Full description
The National Audit Office analysed the activities of the database managers following a ruling made by the Supreme Court in 2010, which stated that the public functions assigned to local authorities ... must be clearly financed from the state budget. It was also assessed whether the measures taken by database managers have been sufficient to guarantee that local authorities submit all required data ... and that these data are correct. ... ... Funds as basic factor of data processing ... The NAO of Estonia audited the activities of state agencies in the management of the database selected for the audit, to which local authorities are obliged to submit data. It was found that in most ... cases the state does not compensate the costs of data submission for local governments.
Full description
National Audit Office of Estonia
, issued in 2013
Risk cases: 1
Effectiveness of internal controls in the protection of personal data in national databases
The NAO analysed seven national databases in order to find out how the legitimate use of personal data is ensured. In accordance with the Personal Data Protection Act, the agencies who run databases ... must ensure that personal data is protected from abuse. The information system of the database must function appropriately, incl. be reliable and safe. Log files must be retained of all instances ... of viewing, amending, deleting, transmitting of data, etc. These files must allow ex-post determination of who did what, why, when and using which data. In its audit the NAO focused on the functioning ... ... Basic controls analysis can fail in data protection ... Estonian SAI analyzed personal data safety. Main finding were: poor log analysis and unprotected data.
Full description
The NAO analysed seven national databases in order to find out how the legitimate use of personal data is ensured. In accordance with the Personal Data Protection Act, the agencies who run databases ... must ensure that personal data is protected from abuse. The information system of the database must function appropriately, incl. be reliable and safe. Log files must be retained of all instances ... of viewing, amending, deleting, transmitting of data, etc. These files must allow ex-post determination of who did what, why, when and using which data. In its audit the NAO focused on the functioning ... ... Basic controls analysis can fail in data protection ... Estonian SAI analyzed personal data safety. Main finding were: poor log analysis and unprotected data.
Full description
National Audit Office of Estonia
, issued in 2008
Risk cases: 2
Report to the Public AccountsCommittee on mitigation of cyber attacks
This report concerns the action taken by Danish government bodies to prevent cyber attacks. Behaving sensibly in cyberspace to avoid attacks is important, but should be supplemented by technical ... security controls that can increase security and mitigate cyber attacks. International studies have concluded that three central security controls can prevent the majority of the currently known types ... of attacks: - technical restriction of download of programmes; - limited use of local administrators; - systematic software updates. Rigsrevisionen has assessed whether the government bodies in the study ... Three basic security measures are often neglected ... Government agencies are open for cyber attacks because they often forget to respect three basic IT security measures. The three measures are: 1. technical restriction on programs downloading; 2 ... . limited use of local administrators rights; 3. systematic software updates.
Full description
This report concerns the action taken by Danish government bodies to prevent cyber attacks. Behaving sensibly in cyberspace to avoid attacks is important, but should be supplemented by technical ... security controls that can increase security and mitigate cyber attacks. International studies have concluded that three central security controls can prevent the majority of the currently known types ... of attacks: - technical restriction of download of programmes; - limited use of local administrators; - systematic software updates. Rigsrevisionen has assessed whether the government bodies in the study ... Three basic security measures are often neglected ... Government agencies are open for cyber attacks because they often forget to respect three basic IT security measures. The three measures are: 1. technical restriction on programs downloading; 2 ... . limited use of local administrators rights; 3. systematic software updates.
Full description
National Audit Office of Denmark
, issued in 2013
Risk cases: 3