87
results found in
12 ms
Page 2
of 9
Correct information at the right time in healthcare and nursing – collaboration without effect?
The Swedish National Audit Office has conducted an audit to determine whether Government initiatives have contributed to the objective that authorised healthcare staff shall have access to the right ... patient information at the right time by means of direct electronic access. ... ... Information share is crucial for competitive health care ... Health and social care staff has very limited access to patient information from other care-giving institutions, which may lead to health damage and wrong-treatment. The cooperation between ... the Government and the municipalities must improve if the investments in better access to common patient information shall get impact in practice.
Full description
The Swedish National Audit Office has conducted an audit to determine whether Government initiatives have contributed to the objective that authorised healthcare staff shall have access to the right ... patient information at the right time by means of direct electronic access. ... ... Information share is crucial for competitive health care ... Health and social care staff has very limited access to patient information from other care-giving institutions, which may lead to health damage and wrong-treatment. The cooperation between ... the Government and the municipalities must improve if the investments in better access to common patient information shall get impact in practice.
Full description
Riksrevisionen (Swedish National Audit Office)
, issued in 2011
Risk cases: 3
The protection of IT systems and health data in three Danish regions
Security to be improved in IT systems with health data It is Rigsrevisionen’s assessment that the three regions are not protecting the access to IT systems and health data in a satisfactory manner. As a consequence, unauthorised persons might gain access to sensitive and confidential personal data, which could affect there liability and availability of important health data used in the treatment of hospital patients. Based on the results of the study and the current threat scenario, Rigsrevisionen finds that basic security measures against cyber attacks and protection of access to IT systems and health data should be a top priority for Denmark’s five regions. Basic security measures in combination with management and control of user privileges can reduce the risk of compromising the regions’ IT systems and data considerably.
Full description
Security to be improved in IT systems with health data It is Rigsrevisionen’s assessment that the three regions are not protecting the access to IT systems and health data in a satisfactory manner. As a consequence, unauthorised persons might gain access to sensitive and confidential personal data, which could affect there liability and availability of important health data used in the treatment of hospital patients. Based on the results of the study and the current threat scenario, Rigsrevisionen finds that basic security measures against cyber attacks and protection of access to IT systems and health data should be a top priority for Denmark’s five regions. Basic security measures in combination with management and control of user privileges can reduce the risk of compromising the regions’ IT systems and data considerably.
Full description
National Audit Office of Denmark
, issued in 2018
Risk cases: 3
The information system of the Public Real Estate Registry does not enable the recording of data in a completely efficient manner
Users to be involved SAI Serbia analysed the Public Real Estate Registry. Starting from missing involvement of users, primary goals of the project were not met. Key issues regarding data input and access are discussed in the text.
Full description
Users to be involved SAI Serbia analysed the Public Real Estate Registry. Starting from missing involvement of users, primary goals of the project were not met. Key issues regarding data input and access are discussed in the text.
Full description
State Audit Institution
, issued in 2019
Risk cases: 3
The protection of research data at the Danish universities
The protection of research data at the Danish universities It is Rigsrevisionen’s assessment that the five largest universities are not adequately protecting their research data against unknown IT equipment. As a result, foreign actors may relatively easy gain unauthorized access to the universities’ research data.This is not considered satisfactory by Rigsrevisionen. The study shows that the five largest universities have defined guidelines for researchers’ use of software and hardware centrally, but that they have failed to centralise efforts to maintain a satisfactory level of security for research data. This is due mainly to the fact that, at some universities, researchers are allowed to bring their own devices,and at all the universities, researchers are allowed to have local administrator privileges, which gives them access to install software. Additionally, all five universities know of incidents where unknown hardware has been connected to their network.
Full description
The protection of research data at the Danish universities It is Rigsrevisionen’s assessment that the five largest universities are not adequately protecting their research data against unknown IT equipment. As a result, foreign actors may relatively easy gain unauthorized access to the universities’ research data.This is not considered satisfactory by Rigsrevisionen. The study shows that the five largest universities have defined guidelines for researchers’ use of software and hardware centrally, but that they have failed to centralise efforts to maintain a satisfactory level of security for research data. This is due mainly to the fact that, at some universities, researchers are allowed to bring their own devices,and at all the universities, researchers are allowed to have local administrator privileges, which gives them access to install software. Additionally, all five universities know of incidents where unknown hardware has been connected to their network.
Full description
National Audit Office of Denmark
, issued in 2018
Risk cases: 3
For the sake of security – intelligence sharing between the Police Authority and the Swedish Security Service
Cooperation between Police and Security Service The Swedish NAO audited whether the Police Authority and the Swedish Security Service share intelligence effectively to prevent and combat violent extremism and terrorism. In this highly non-typical environment, some universal rules turned out to be still valid. We would like to emphasise role of : organizational patterns, information access rights and sincere feedback.
Full description
Cooperation between Police and Security Service The Swedish NAO audited whether the Police Authority and the Swedish Security Service share intelligence effectively to prevent and combat violent extremism and terrorism. In this highly non-typical environment, some universal rules turned out to be still valid. We would like to emphasise role of : organizational patterns, information access rights and sincere feedback.
Full description
Swedish National Audit Office
, issued in 2018
Risk cases: 3
Cyber Attacks: Securing Agencies’ICT Systems
were considered serious enough to warrant a Cyber Security Operations Centre response. <br/> The protection of Australian Government systems and information from unauthorised access and use is a key ... of sensitive personal information. Unauthorised access through electronic means, also known as cyber intrusions, can result from the actions of outside individuals or organisations. Individuals operating from ... within government may also misuse information which they are authorised to access, or may inappropriately access and use government information holdings. <br/> Audit objective was to assess selected ... ... Cyber-security strategy needs consistent implementation and periodic reviews ... List of 35 mitigation controls against cyber intrusions are a basic tool of information security strategy of the Australian Government. Top four are: 1. application whitelisting, 2. patching ... application, 3. patching operating systems, 4. minimising administrative privileges. Analysis by the ANAO helps to fill gaps and to direct next steps.
Full description
were considered serious enough to warrant a Cyber Security Operations Centre response. <br/> The protection of Australian Government systems and information from unauthorised access and use is a key ... of sensitive personal information. Unauthorised access through electronic means, also known as cyber intrusions, can result from the actions of outside individuals or organisations. Individuals operating from ... within government may also misuse information which they are authorised to access, or may inappropriately access and use government information holdings. <br/> Audit objective was to assess selected ... ... Cyber-security strategy needs consistent implementation and periodic reviews ... List of 35 mitigation controls against cyber intrusions are a basic tool of information security strategy of the Australian Government. Top four are: 1. application whitelisting, 2. patching ... application, 3. patching operating systems, 4. minimising administrative privileges. Analysis by the ANAO helps to fill gaps and to direct next steps.
Full description
The Australian National Audit Office
, issued in 2014
Risk cases: 3
Management of IT security in systems outsourced to external suppliers
Security to be improved in IT processes outsourced to external suppliers When IT processes are outsourced to external suppliers, the authorities no longer have direct control of the IT security, but remain responsible for managing the security of the IT. Authorities that fail to manage IT security actively based on risk assessments, and omit to monitor the implementation of these requirements, will not be able to determine if the level of IT security in the outsourced systems safeguards their systems and data. This is how the conclusion of the Rigsrevisionen starts. The Danish auditors noticed improvement in the audited entities, but they add that tha majority of the auditees: can refine their requirements for and follow-up on access control and logging practices
Full description
Security to be improved in IT processes outsourced to external suppliers When IT processes are outsourced to external suppliers, the authorities no longer have direct control of the IT security, but remain responsible for managing the security of the IT. Authorities that fail to manage IT security actively based on risk assessments, and omit to monitor the implementation of these requirements, will not be able to determine if the level of IT security in the outsourced systems safeguards their systems and data. This is how the conclusion of the Rigsrevisionen starts. The Danish auditors noticed improvement in the audited entities, but they add that tha majority of the auditees: can refine their requirements for and follow-up on access control and logging practices
Full description
National Audit Office of Denmark
, issued in 2016
Risk cases: 3
Coordinated Audit on Information Technology Governance
IT governance needs awareness and SAIs' support The OLACEFS auditors found that the greatest challenge for the SAIs is to raise the awareness of the audit institutions about the importance of IT governance and the benefits that could be obtained by improving its degree of maturity. The audit was conducted by 11 SAIs and coordinated by TCU of Brasil. They concluded: 'It is important, even urgent, to invest resources to implement or enhance: the IT committees; the IT planning process; strategic IT planning; monitoring the IT contracting process; the business continuity plan; the designation of a responsible person or unit to manage security information; a risk management process; an asset inventory process; an information security committee; and a policy for access control.'
Full description
IT governance needs awareness and SAIs' support The OLACEFS auditors found that the greatest challenge for the SAIs is to raise the awareness of the audit institutions about the importance of IT governance and the benefits that could be obtained by improving its degree of maturity. The audit was conducted by 11 SAIs and coordinated by TCU of Brasil. They concluded: 'It is important, even urgent, to invest resources to implement or enhance: the IT committees; the IT planning process; strategic IT planning; monitoring the IT contracting process; the business continuity plan; the designation of a responsible person or unit to manage security information; a risk management process; an asset inventory process; an information security committee; and a policy for access control.'
Full description
Risk cases: 5
Report on the government’s processing of confidential data on persons and companies
Rigsrevisionen has examined how eight government institutions process confidential data on persons and companies in 11 selected IT systems. The report is based on IT audits carried out in connection ... with the annual audit in the spring 2014. The purpose of the audit was to assess whether confidential data on persons and companies are adequately protected by the government institutions. ... ... Inadequate protection of confidential data ... If a government institution does not protect confidential data to the extent necessary, the risk that third parties get unauthorized access to the data is very high. In opinion of the Danish SAI ... , inadequate protection of confidential data may also erode the citizens’ and companies’ confidence in government data security. That may eventually become a barrier for the continued efforts to implement ... e-government and make government administration more efficient.
Full description
Rigsrevisionen has examined how eight government institutions process confidential data on persons and companies in 11 selected IT systems. The report is based on IT audits carried out in connection ... with the annual audit in the spring 2014. The purpose of the audit was to assess whether confidential data on persons and companies are adequately protected by the government institutions. ... ... Inadequate protection of confidential data ... If a government institution does not protect confidential data to the extent necessary, the risk that third parties get unauthorized access to the data is very high. In opinion of the Danish SAI ... , inadequate protection of confidential data may also erode the citizens’ and companies’ confidence in government data security. That may eventually become a barrier for the continued efforts to implement ... e-government and make government administration more efficient.
Full description
National Audit Office of Denmark
, issued in 2014
Risk cases: 2
Management and protection of assets in the field of the information-communication technologies at the ME SR
control of backup's functionality), restoring and security, possibility of unauthorised persons to access the IS and data, which increases the risk of information leakage and security risk, and inadequate ... The Supreme Audit office of the Slovak Republic (SAO SR) has conducted the audit at the Ministry of Environment of the Slovak Republic (ME SR) for the audit period 2011 and 2012 to examine ... the compliance with the generally binding legal regulations and the general statues in the field of the information-communication technologies (ICT) and the information systems of the public administration (ISPA ... ... Started from contracting, ended in security ... The perceptive and filled with findings audit - conducted by the Slovak SAI - discovered the list of issues which started in careless contracting procedures, failure to update the development concept ... and ended in exposing the organization to high security risks.
Full description
control of backup's functionality), restoring and security, possibility of unauthorised persons to access the IS and data, which increases the risk of information leakage and security risk, and inadequate ... The Supreme Audit office of the Slovak Republic (SAO SR) has conducted the audit at the Ministry of Environment of the Slovak Republic (ME SR) for the audit period 2011 and 2012 to examine ... the compliance with the generally binding legal regulations and the general statues in the field of the information-communication technologies (ICT) and the information systems of the public administration (ISPA ... ... Started from contracting, ended in security ... The perceptive and filled with findings audit - conducted by the Slovak SAI - discovered the list of issues which started in careless contracting procedures, failure to update the development concept ... and ended in exposing the organization to high security risks.
Full description
Supreme Audit Office of the Slovak Republic
, issued in 2012
Risk cases: 4