81
results found in
10 ms
Page 2
of 9
CYBERSECURITY: Implementation of Executive Order Requirements Is Essential to Address Key Actions
GAO continues to review and report status of information security - the high-risk area for more than 25 years already. Special focus is on federal cybersecurity challenges. An average of approximately 31,492 incidents per year for fiscal years 2017 through 2022 were reported by responsible Government bodies. In fiscal year 2022, agencies reported experiencing 30,659 incidents.
Full description
GAO continues to review and report status of information security - the high-risk area for more than 25 years already. Special focus is on federal cybersecurity challenges. An average of approximately 31,492 incidents per year for fiscal years 2017 through 2022 were reported by responsible Government bodies. In fiscal year 2022, agencies reported experiencing 30,659 incidents.
Full description
US Government Accountability Office
, issued in 2024
Risk cases: $risks.size()
Cyber security resilience of the Danish public sector II
Danish NAO underlines that public authorities depend on IT to deliver their services. Thus, major IT problems and loss of data relating to critical IT systems can have far-reaching consequences for the government, citizens and companies. The audit focused on IT contingency plans, secure continuity of operations and mitigation of the consequences of system breakdowns or data losses in the event of major IT breakdowns. Approximately 90 of the government's IT systems are assessed to be critical by the departments.
Full description
Danish NAO underlines that public authorities depend on IT to deliver their services. Thus, major IT problems and loss of data relating to critical IT systems can have far-reaching consequences for the government, citizens and companies. The audit focused on IT contingency plans, secure continuity of operations and mitigation of the consequences of system breakdowns or data losses in the event of major IT breakdowns. Approximately 90 of the government's IT systems are assessed to be critical by the departments.
Full description
National Audit Office of Denmark
, issued in 2023
Risk cases: $risks.size()
Traffic Ticketing information system
The audit included two areas of focus - the environment surrounding the Traffic Ticketing Information System - the System (designed to input, process, manage and collect payment for the traffic ... tickets) and also the internal environment of the System that guarantees the quality of its performance and safety. ... Security can hinder effectiveness ... SAI of Kuwait analysed system supporting collection of the traffic tickets - data input, processing and management. What was found was lack of basic safety measures, that hindered the effectiveness ... of the system.
Full description
The audit included two areas of focus - the environment surrounding the Traffic Ticketing Information System - the System (designed to input, process, manage and collect payment for the traffic ... tickets) and also the internal environment of the System that guarantees the quality of its performance and safety. ... Security can hinder effectiveness ... SAI of Kuwait analysed system supporting collection of the traffic tickets - data input, processing and management. What was found was lack of basic safety measures, that hindered the effectiveness ... of the system.
Full description
State Audit Bureau of Kuwait
, issued in 2014
Risk cases: 3
Oversight of law enforcement agencies - An audit of the Swedish Commission on Security and IntegrityProtection
The Swedish NAO audited Commission focusing on integrity across law enforcement agencies. Among findings were: lack of clarity on the administrative support it receives and a risk of tasks unbalanced with capacities. The Commission supervises the following law enforcement agencies; the Police Authority, the Swedish Security Service, the National Economic Crimes Bureau, the Swedish Prosecution Authority and the Swedish Customs Service. The activities of these agencies is to a great extent subject to secrecy and restricted transparency. Consequently, to maintain public confidence it is important that the activities are legally secure and that supervision is appropriate and effective.
Full description
The Swedish NAO audited Commission focusing on integrity across law enforcement agencies. Among findings were: lack of clarity on the administrative support it receives and a risk of tasks unbalanced with capacities. The Commission supervises the following law enforcement agencies; the Police Authority, the Swedish Security Service, the National Economic Crimes Bureau, the Swedish Prosecution Authority and the Swedish Customs Service. The activities of these agencies is to a great extent subject to secrecy and restricted transparency. Consequently, to maintain public confidence it is important that the activities are legally secure and that supervision is appropriate and effective.
Full description
Swedish National Audit Office
, issued in 2016
Risk cases: $risks.size()
Material–technical supply of the State Police
. The audit included inspections performed at the State Police, the Ministry of the Interior and the Information Centre and focused on: the Biometric data processing system and the Criminal Procedure ... The main aim of the audit was to obtain assurance about whether the State budget funds allocated for material–technical supply of functions of the State Police were legitimate and efficient ... information system. ... ... Essential role of pre-project evaluation ... SAI of Latvia reveals chain of events that lead to unsuccessful implemenation of two important IS of the State police. What started with an absence of the strategy ended up with budget, time ... overruns and an IS not ready for effiecient use.
Full description
. The audit included inspections performed at the State Police, the Ministry of the Interior and the Information Centre and focused on: the Biometric data processing system and the Criminal Procedure ... The main aim of the audit was to obtain assurance about whether the State budget funds allocated for material–technical supply of functions of the State Police were legitimate and efficient ... information system. ... ... Essential role of pre-project evaluation ... SAI of Latvia reveals chain of events that lead to unsuccessful implemenation of two important IS of the State police. What started with an absence of the strategy ended up with budget, time ... overruns and an IS not ready for effiecient use.
Full description
State Audit Office of the Republic of Latvia
, issued in 2013
Risk cases: 6
Extract from the report to the Public Accounts Committee on the access to IT systems that support the provision of essential services to the Danish society
The report is focused on the significant risk that is associated with inadequate management and control of domain administrator privileges, which makes it possible for unauthorized persons to obtain ... access to the IT systems and data of the institutions. Rigsrevisionen has not examined for what specific purposes unauthorized access to the institutions’ systems and data can be used. ... ... Inadequate management and control of domain administrator privileges ... The Danish report concerns the measures - taken by six government institutions of various branches of State activities - to protect IT systems and data that support the provision of essential ... services to the Danish society from unauthorized access, obtained on the basis of domain administrator privileges.
Full description
The report is focused on the significant risk that is associated with inadequate management and control of domain administrator privileges, which makes it possible for unauthorized persons to obtain ... access to the IT systems and data of the institutions. Rigsrevisionen has not examined for what specific purposes unauthorized access to the institutions’ systems and data can be used. ... ... Inadequate management and control of domain administrator privileges ... The Danish report concerns the measures - taken by six government institutions of various branches of State activities - to protect IT systems and data that support the provision of essential ... services to the Danish society from unauthorized access, obtained on the basis of domain administrator privileges.
Full description
National Audit Office of Denmark
, issued in 2015
Risk cases: 4
The development and use of identification services in public administration
with legislation in procuring services. The audit also examined development, control and monitoring structures regarding identification services. The audit focused on electronic identification services that are used ... The audit examined the implementation and coordination of projects aimed at developing identification services in public administration, cooperation among authorities in this area and compliance ... in public administration's electronic transactions. ... ... Unhealthy competition linked with lack of coordinatnion and with procurement irregularities ... See what may go wrong with the IT public procurement. Check out what is the basis to avoid irregularities or omissions in complying with public procurement legislation. National Audit Office ... of Finland identified also risks resulting from lack of horizontal coordination.
Full description
with legislation in procuring services. The audit also examined development, control and monitoring structures regarding identification services. The audit focused on electronic identification services that are used ... The audit examined the implementation and coordination of projects aimed at developing identification services in public administration, cooperation among authorities in this area and compliance ... in public administration's electronic transactions. ... ... Unhealthy competition linked with lack of coordinatnion and with procurement irregularities ... See what may go wrong with the IT public procurement. Check out what is the basis to avoid irregularities or omissions in complying with public procurement legislation. National Audit Office ... of Finland identified also risks resulting from lack of horizontal coordination.
Full description
National Audit Office of Finland
, issued in 2008
Risk cases: 3
Business Continuity Management
Audit Office (SFAO) previously carried out a cross-section audit in 2009 on the BCM measures at nine administrative units of the central Federal Administration. This year’s audit focused ... Business Continuity Management is a process whereby all necessary measures are taken to ensure that a company can accomplish its core tasks on time even in extraordinary situations. The Swiss Federal ... on the decentralised Federal Administration as well as the Swiss Federal Railways (rail transport and ticket sales) and Swiss Post (PostFinance, Swiss Post Solutions, PostBus). ... ... A cross-section audit on business continuity management (BCM) ... The audit points, among others, at a necessary but difficult process chain: Policy - Analysis - Strategy - Planning - Training.
Full description
Audit Office (SFAO) previously carried out a cross-section audit in 2009 on the BCM measures at nine administrative units of the central Federal Administration. This year’s audit focused ... Business Continuity Management is a process whereby all necessary measures are taken to ensure that a company can accomplish its core tasks on time even in extraordinary situations. The Swiss Federal ... on the decentralised Federal Administration as well as the Swiss Federal Railways (rail transport and ticket sales) and Swiss Post (PostFinance, Swiss Post Solutions, PostBus). ... ... A cross-section audit on business continuity management (BCM) ... The audit points, among others, at a necessary but difficult process chain: Policy - Analysis - Strategy - Planning - Training.
Full description
Swiss Federal Audit Office
, issued in 2010
Risk cases: 1
Effectiveness of internal controls in the protection of personal data in national databases
of viewing, amending, deleting, transmitting of data, etc. These files must allow ex-post determination of who did what, why, when and using which data. In its audit the NAO focused on the functioning ... The NAO analysed seven national databases in order to find out how the legitimate use of personal data is ensured. In accordance with the Personal Data Protection Act, the agencies who run databases ... must ensure that personal data is protected from abuse. The information system of the database must function appropriately, incl. be reliable and safe. Log files must be retained of all instances ... ... Basic controls analysis can fail in data protection ... Estonian SAI analyzed personal data safety. Main finding were: poor log analysis and unprotected data.
Full description
of viewing, amending, deleting, transmitting of data, etc. These files must allow ex-post determination of who did what, why, when and using which data. In its audit the NAO focused on the functioning ... The NAO analysed seven national databases in order to find out how the legitimate use of personal data is ensured. In accordance with the Personal Data Protection Act, the agencies who run databases ... must ensure that personal data is protected from abuse. The information system of the database must function appropriately, incl. be reliable and safe. Log files must be retained of all instances ... ... Basic controls analysis can fail in data protection ... Estonian SAI analyzed personal data safety. Main finding were: poor log analysis and unprotected data.
Full description
National Audit Office of Estonia
, issued in 2008
Risk cases: 2
Management of Police Information Resources
to the classified information. The police department has all of these information resources, so the audit focused on the activities and actions of the Department to ensure planning and organizing of the recourses ... Police tasks of the necessary data are processed departmental registers, information systems, automated data processing systems and networks where information is stored, processed and transferred ... , monitoring, evaluation and coordination and other aspects of registers and IS strategic management. The audited period was 2012-2014. For the analysis, there were used previous data and data of 2015 ... ... Fundamentals of IT organisation ... Review by SAI Lithuania makes readers aware that nowadays it is difficult to develop a larger IT system without whole conceptual infrastracture: planning composed into strategy of the organisation ... and well understood architecture of information. Well functioning IT management structures, which on the other hand may sound trivial, were proved here as the key to success.
Full description
to the classified information. The police department has all of these information resources, so the audit focused on the activities and actions of the Department to ensure planning and organizing of the recourses ... Police tasks of the necessary data are processed departmental registers, information systems, automated data processing systems and networks where information is stored, processed and transferred ... , monitoring, evaluation and coordination and other aspects of registers and IS strategic management. The audited period was 2012-2014. For the analysis, there were used previous data and data of 2015 ... ... Fundamentals of IT organisation ... Review by SAI Lithuania makes readers aware that nowadays it is difficult to develop a larger IT system without whole conceptual infrastracture: planning composed into strategy of the organisation ... and well understood architecture of information. Well functioning IT management structures, which on the other hand may sound trivial, were proved here as the key to success.
Full description
National Audit Office of the Republic of Lithuania
, issued in 2015
Risk cases: 4