Report to the Public AccountsCommittee on mitigation of cyber attacks
security controls that can increase security and mitigate cyber attacks. International studies have concluded that three central security controls can prevent the majority of the currently known types ... have addressed the risk of cyber attacks and whether they have implemented these three security controls. ... This report concerns the action taken by Danish government bodies to prevent cyber attacks. Behaving sensibly in cyberspace to avoid attacks is important, but should be supplemented by technical ... Three basic security measures are often neglected ... Government agencies are open for cyber attacks because they often forget to respect three basic IT security measures. The three measures are: 1. technical restriction on programs downloading; 2 ... . limited use of local administrators rights; 3. systematic software updates.
Full description

Information Technology Cost Estimation Agencies Need to Address Significant Weakness in Policies and Practices
and agencies have appropriately implement costestimating policies an procedures(four caracteristics of a reliable cost estimation: comprehensive, well-documented, accurate, credible). ... To estimate reliable cost for the sucess of an IT program by providing the basis for the informed decision making and realistic budget information. To assess the extent to which selected departments ... IT cost estimation ... Check out what may go wrong with the information technology cost estimation. Results of the US GAO audit can help to identify high risk areas: comprehensiveness of estimations, their documentation ... , lack of adequacy and inadequate implementation.
Full description

IT security in the Federal Administration
The SFAO has audited the Admin PKI – the basic infrastructure and offering for the issuing of digital certificates – within the Federal Office of Information Technology, Systems and Telecommunication ... (FOITT). The examination concentrated on assessing the development and current operation as well as future prospects. Admin PKI refers to all processes and the hardware and software needed for issuing ... certificates of different grades. ... Technical and organizational deficiencies work together against data security ... Only minor deficiencies were revealed in the Windows environment but only in case of Microsoft products.Providers' lack of both assertiveness and synergy adds to 'the great unknown' of authonomous ... entities' networks.
Full description

Opportunities Exist for SEC to Improve Its Controls over Financial Systems and Data
of SEC’s key financial systems and information. To do this, GAO examined information security policies, plans, and procedures; tested controls over key financial applications; interviewed agency officials ... The SEC is responsible for enforcing securities laws, issuing rules and regulations that provide protection for investors, and helping to ensure that the securities markets are fair and honest ... . In carrying out its mission, the SEC relies on computerized information systems to collect, process, and store sensitive information, including financial data. Having effective information security controls ... IT security basics under scrutiny ... Financial audit by US GAO was accompanied by an IT examination focused on information security measures in the Securities and Exchange Commission (SEC). GAO found that SEC’s systems could ... be compromised, because of risks jeopardizing the confidentiality, integrity, and availability of sensitive financial information.
Full description

Management and protection of assets in the field of the information-communication technologies at the ME SR
internal and security directives, unidentified critical and strategic Information Systems (IS), absolutely unsatisfying principles, procedures, conditions and policy relating to the data backuping (and ... control of backup's functionality), restoring and security, possibility of unauthorised persons to access the IS and data, which increases the risk of information leakage and security risk, and inadequate ... physical security of the areas related to the IT. All these irregularities are results of poor coordination, administration, organization, governance and operation management in the field of the ICT ... ... Started from contracting, ended in security ... and ended in exposing the organization to high security risks. ... The perceptive and filled with findings audit - conducted by the Slovak SAI - discovered the list of issues which started in careless contracting procedures, failure to update the development concept
Full description

Performance Audit of the Georgian Government electronic Procurement system
and fraud, which in return supports the successful implementation of country’s anti-corruption policy. To develop such environment, the system must provide confidentiality, integrity and availability ... of existing data through effective procurement policies and procedures. <br /> Having considered aforementioned factors, SAO conducted performance audit of the Georgian electronic Government Procurement system ... State procurement is one of the key components of public financial management. Its share in state budget is approximately 25 percent. Effective management of state procurements is an important sphere ... ... Electronic procurement system - how effective are management and control mechanisms? ... SAI Georgia analyzed the electronic Government Procurement system. In their report they focus on compliance and security problems, which may harm the business goals and overall mission of the system.
Full description

Business Continuity Management
Business Continuity Management is a process whereby all necessary measures are taken to ensure that a company can accomplish its core tasks on time even in extraordinary situations. The Swiss Federal ... Audit Office (SFAO) previously carried out a cross-section audit in 2009 on the BCM measures at nine administrative units of the central Federal Administration. This year’s audit focused ... on the decentralised Federal Administration as well as the Swiss Federal Railways (rail transport and ticket sales) and Swiss Post (PostFinance, Swiss Post Solutions, PostBus). ... ... A cross-section audit on business continuity management (BCM) ... The audit points, among others, at a necessary but difficult process chain: Policy - Analysis - Strategy - Planning - Training.
Full description

Management and protection of assets in the field of the information-communication technologies at the AO SR
and security of the information-communication technologies (ICT) and the information systems of the public administration (ISPA) as well as the state assets administration, the economy and disposal ... and security of assets of the information systems (IS), in the area of business continuity and the IS restoring and also several cases of lawbreaking in the field of accounting. ... The Supreme Audit office of the Slovak Republic (SAO SR) has executed the audit at the Antimonopoly Office of the Slovak Republic (AO SR) for the audit period 2010 and 2011 to verify the operation ... ... ... Failure to comply with the law leads to unnecessary jeopardizing of data security ... SR) exposed several deficiencies related to the information systems and the data security as a consequence of a lawbreaking. ... The audit in the field of the information systems of the public administration (ISPA) executed by the Supreme Audit Office of the Slovak Republic at the Antimonopoly Office of the Slovak Republic (AO
Full description

Performance Audit of Public Debt Management Information Systems
of information systems in the public debt management process and having considered legal requirements to information security, State Audit Office of Georgia conducted Performance Audit of Public Debt Management ... implemented by the Public Debt and External Financing Department of the MOF. Hereby, the audit team also to assessed systems’ data integrity and security. In the course of the audit, the audit team also studied ... The usage and development of the information technologies in public financial management is an important priority of the country at the phase of intensive implementation of electronic governance ... ... More effective IT governance needed ... financial institutions. Audit conducted by the State Audit Office of Georgia has revealed security and governance shortcomings related to management and usage of these systems. ... Importance of effective performance of public debt management e-systems may be explained by the world’s increased dependence on such systems. In parallel with the performance audit of debt management ... information systems of the Ministry Of Finance of Georgia, Supreme Audit Institutions of 11 countries also studied this topic, both in terms of systems’ performance and their practical application by local
Full description

Traffic Ticketing information system
The audit included two areas of focus - the environment surrounding the Traffic Ticketing Information System - the System (designed to input, process, manage and collect payment for the traffic ... tickets) and also the internal environment of the System that guarantees the quality of its performance and safety. ... Security can hinder effectiveness ... SAI of Kuwait analysed system supporting collection of the traffic tickets - data input, processing and management. What was found was lack of basic safety measures, that hindered the effectiveness ... of the system.
Full description