99
results found in
13 ms
Page 2
of 10
Cyber security of border controls operated by Dutch border guards at Amsterdam Schiphol Airport
Airport prepares for cyber attacks Who does not know the Amsterdam Airport? As put by the Netherlands Court of Audits: the IT systems used for border controls at the Schiphol Airport are in the midst of a process of rapid development. The auditors reviewed the process and pointed at necessity of formal certification and better mechanism of information analysis. The report picutres also the organisation of the controls - must read for all frequent fliers
Full description
Airport prepares for cyber attacks Who does not know the Amsterdam Airport? As put by the Netherlands Court of Audits: the IT systems used for border controls at the Schiphol Airport are in the midst of a process of rapid development. The auditors reviewed the process and pointed at necessity of formal certification and better mechanism of information analysis. The report picutres also the organisation of the controls - must read for all frequent fliers
Full description
Netherlands Court of Audits
, issued in 2020
Risk cases: 8
Management of IT security in systems outsourced to external suppliers
Security to be improved in IT processes outsourced to external suppliers When IT processes are outsourced to external suppliers, the authorities no longer have direct control of the IT security, but remain responsible for managing the security of the IT. Authorities that fail to manage IT security actively based on risk assessments, and omit to monitor the implementation of these requirements, will not be able to determine if the level of IT security in the outsourced systems safeguards their systems and data. This is how the conclusion of the Rigsrevisionen starts. The Danish auditors noticed improvement in the audited entities, but they add that tha majority of the auditees: can refine their requirements for and follow-up on access control and logging practices
Full description
Security to be improved in IT processes outsourced to external suppliers When IT processes are outsourced to external suppliers, the authorities no longer have direct control of the IT security, but remain responsible for managing the security of the IT. Authorities that fail to manage IT security actively based on risk assessments, and omit to monitor the implementation of these requirements, will not be able to determine if the level of IT security in the outsourced systems safeguards their systems and data. This is how the conclusion of the Rigsrevisionen starts. The Danish auditors noticed improvement in the audited entities, but they add that tha majority of the auditees: can refine their requirements for and follow-up on access control and logging practices
Full description
National Audit Office of Denmark
, issued in 2016
Risk cases: 3
Operation of the Record Systems Applied in the Eligibility Scheme of Benefits and Services Provided from the Social Security Funds
Hungarian SAI evaluated the set-up and operation of the basic registries of managing bodies (National Health Insurance Fund, Central Administration of National Pension Insurance, National Tax ... and Customs Administration), as well as the dataflow amongst them. In addition, the control system of fulfilling the data provision obligation was evaluated, as well as the IT support activities and whether ... the records had proven reliable in supporting services in compliance with eligibilities and in filtering unjustified services. The audited period covered the years 2007-2010. ... ... Well considered regulations are essential for good quality data ... State Audit Office of Hungary.has proved that date safety may depend on quality of regulations. The report on record systems of social security services casted light on risk connected with huge data ... bases managed by different entities, in a changing legal environment.
Full description
Hungarian SAI evaluated the set-up and operation of the basic registries of managing bodies (National Health Insurance Fund, Central Administration of National Pension Insurance, National Tax ... and Customs Administration), as well as the dataflow amongst them. In addition, the control system of fulfilling the data provision obligation was evaluated, as well as the IT support activities and whether ... the records had proven reliable in supporting services in compliance with eligibilities and in filtering unjustified services. The audited period covered the years 2007-2010. ... ... Well considered regulations are essential for good quality data ... State Audit Office of Hungary.has proved that date safety may depend on quality of regulations. The report on record systems of social security services casted light on risk connected with huge data ... bases managed by different entities, in a changing legal environment.
Full description
State Audit Office of Hungary
, issued in 2012
Risk cases: 2
Audit to the Social Security Systems of Collection of Contributions and Quotes and Relationship with Banking and other Entities Engaged in Collection Initiatives
The audit aims to evaluate the effectiveness and efficiency of the processes implemented in respect of the processing schemes of contributions/quotas, whose Wages Statements (WS) entered ... into the system in the first quarter of 2007, test the reliability, stability and confidence level of the application systems developed and the respective values processed in the entire collection circuit ... and respective accounting, and also check compliance with the contracts celebrated with banking entities. ... ... Application level of Social Security IS analyzed ... Processes maturity and automation of controls appeared to be main problems in the system which reliability, stability and confidence level were tested.
Full description
The audit aims to evaluate the effectiveness and efficiency of the processes implemented in respect of the processing schemes of contributions/quotas, whose Wages Statements (WS) entered ... into the system in the first quarter of 2007, test the reliability, stability and confidence level of the application systems developed and the respective values processed in the entire collection circuit ... and respective accounting, and also check compliance with the contracts celebrated with banking entities. ... ... Application level of Social Security IS analyzed ... Processes maturity and automation of controls appeared to be main problems in the system which reliability, stability and confidence level were tested.
Full description
TRIBUNAL DE CONTAS DE PORTUGAL
, issued in 2008
Risk cases: 2
Opportunities Exist for SEC to Improve Its Controls over Financial Systems and Data
The SEC is responsible for enforcing securities laws, issuing rules and regulations that provide protection for investors, and helping to ensure that the securities markets are fair and honest ... . In carrying out its mission, the SEC relies on computerized information systems to collect, process, and store sensitive information, including financial data. Having effective information security controls ... in place is essential to protecting these systems and the information they contain. <br/> This report details weaknesses GAO identified in the information security program at SEC during its audit ... IT security basics under scrutiny ... Financial audit by US GAO was accompanied by an IT examination focused on information security measures in the Securities and Exchange Commission (SEC). GAO found that SEC’s systems could ... be compromised, because of risks jeopardizing the confidentiality, integrity, and availability of sensitive financial information.
Full description
The SEC is responsible for enforcing securities laws, issuing rules and regulations that provide protection for investors, and helping to ensure that the securities markets are fair and honest ... . In carrying out its mission, the SEC relies on computerized information systems to collect, process, and store sensitive information, including financial data. Having effective information security controls ... in place is essential to protecting these systems and the information they contain. <br/> This report details weaknesses GAO identified in the information security program at SEC during its audit ... IT security basics under scrutiny ... Financial audit by US GAO was accompanied by an IT examination focused on information security measures in the Securities and Exchange Commission (SEC). GAO found that SEC’s systems could ... be compromised, because of risks jeopardizing the confidentiality, integrity, and availability of sensitive financial information.
Full description
General Accountability Office
, issued in 2016
Risk cases: 5
Report to the Public AccountsCommittee on mitigation of cyber attacks
security controls that can increase security and mitigate cyber attacks. International studies have concluded that three central security controls can prevent the majority of the currently known types ... have addressed the risk of cyber attacks and whether they have implemented these three security controls. ... This report concerns the action taken by Danish government bodies to prevent cyber attacks. Behaving sensibly in cyberspace to avoid attacks is important, but should be supplemented by technical ... Three basic security measures are often neglected ... Government agencies are open for cyber attacks because they often forget to respect three basic IT security measures. The three measures are: 1. technical restriction on programs downloading; 2 ... . limited use of local administrators rights; 3. systematic software updates.
Full description
security controls that can increase security and mitigate cyber attacks. International studies have concluded that three central security controls can prevent the majority of the currently known types ... have addressed the risk of cyber attacks and whether they have implemented these three security controls. ... This report concerns the action taken by Danish government bodies to prevent cyber attacks. Behaving sensibly in cyberspace to avoid attacks is important, but should be supplemented by technical ... Three basic security measures are often neglected ... Government agencies are open for cyber attacks because they often forget to respect three basic IT security measures. The three measures are: 1. technical restriction on programs downloading; 2 ... . limited use of local administrators rights; 3. systematic software updates.
Full description
National Audit Office of Denmark
, issued in 2013
Risk cases: 3
Cyber Attacks: Securing Agencies’ICT Systems
. In the government sector, the Australian Signals Directorate (ASD)3 has estimated that between January and December 2012, there were over 1790 security incidents against Australian Government agencies. Of these, 685 ... were considered serious enough to warrant a Cyber Security Operations Centre response. <br/> The protection of Australian Government systems and information from unauthorised access and use is a key ... responsibility of agencies, having regard to their business operations and specific risks. In the context of a national government, those risks can range from threats to national security through to the disclosure ... ... Cyber-security strategy needs consistent implementation and periodic reviews ... List of 35 mitigation controls against cyber intrusions are a basic tool of information security strategy of the Australian Government. Top four are: 1. application whitelisting, 2. patching ... application, 3. patching operating systems, 4. minimising administrative privileges. Analysis by the ANAO helps to fill gaps and to direct next steps.
Full description
. In the government sector, the Australian Signals Directorate (ASD)3 has estimated that between January and December 2012, there were over 1790 security incidents against Australian Government agencies. Of these, 685 ... were considered serious enough to warrant a Cyber Security Operations Centre response. <br/> The protection of Australian Government systems and information from unauthorised access and use is a key ... responsibility of agencies, having regard to their business operations and specific risks. In the context of a national government, those risks can range from threats to national security through to the disclosure ... ... Cyber-security strategy needs consistent implementation and periodic reviews ... List of 35 mitigation controls against cyber intrusions are a basic tool of information security strategy of the Australian Government. Top four are: 1. application whitelisting, 2. patching ... application, 3. patching operating systems, 4. minimising administrative privileges. Analysis by the ANAO helps to fill gaps and to direct next steps.
Full description
The Australian National Audit Office
, issued in 2014
Risk cases: 3
Management and protection of assets in the field of the information-communication technologies at the ME SR
internal and security directives, unidentified critical and strategic Information Systems (IS), absolutely unsatisfying principles, procedures, conditions and policy relating to the data backuping (and ... control of backup's functionality), restoring and security, possibility of unauthorised persons to access the IS and data, which increases the risk of information leakage and security risk, and inadequate ... physical security of the areas related to the IT. All these irregularities are results of poor coordination, administration, organization, governance and operation management in the field of the ICT ... ... Started from contracting, ended in security ... and ended in exposing the organization to high security risks. ... The perceptive and filled with findings audit - conducted by the Slovak SAI - discovered the list of issues which started in careless contracting procedures, failure to update the development concept
Full description
internal and security directives, unidentified critical and strategic Information Systems (IS), absolutely unsatisfying principles, procedures, conditions and policy relating to the data backuping (and ... control of backup's functionality), restoring and security, possibility of unauthorised persons to access the IS and data, which increases the risk of information leakage and security risk, and inadequate ... physical security of the areas related to the IT. All these irregularities are results of poor coordination, administration, organization, governance and operation management in the field of the ICT ... ... Started from contracting, ended in security ... and ended in exposing the organization to high security risks. ... The perceptive and filled with findings audit - conducted by the Slovak SAI - discovered the list of issues which started in careless contracting procedures, failure to update the development concept
Full description
Supreme Audit Office of the Slovak Republic
, issued in 2012
Risk cases: 4
Management and protection of assets in the field of the information-communication technologies at the AO SR
and security of the information-communication technologies (ICT) and the information systems of the public administration (ISPA) as well as the state assets administration, the economy and disposal ... and security of assets of the information systems (IS), in the area of business continuity and the IS restoring and also several cases of lawbreaking in the field of accounting. ... The Supreme Audit office of the Slovak Republic (SAO SR) has executed the audit at the Antimonopoly Office of the Slovak Republic (AO SR) for the audit period 2010 and 2011 to verify the operation ... ... ... Failure to comply with the law leads to unnecessary jeopardizing of data security ... SR) exposed several deficiencies related to the information systems and the data security as a consequence of a lawbreaking. ... The audit in the field of the information systems of the public administration (ISPA) executed by the Supreme Audit Office of the Slovak Republic at the Antimonopoly Office of the Slovak Republic (AO
Full description
and security of the information-communication technologies (ICT) and the information systems of the public administration (ISPA) as well as the state assets administration, the economy and disposal ... and security of assets of the information systems (IS), in the area of business continuity and the IS restoring and also several cases of lawbreaking in the field of accounting. ... The Supreme Audit office of the Slovak Republic (SAO SR) has executed the audit at the Antimonopoly Office of the Slovak Republic (AO SR) for the audit period 2010 and 2011 to verify the operation ... ... ... Failure to comply with the law leads to unnecessary jeopardizing of data security ... SR) exposed several deficiencies related to the information systems and the data security as a consequence of a lawbreaking. ... The audit in the field of the information systems of the public administration (ISPA) executed by the Supreme Audit Office of the Slovak Republic at the Antimonopoly Office of the Slovak Republic (AO
Full description
Supreme Audit Office of the Slovak Republic
, issued in 2011
Risk cases: 4
The protection of IT systems and health data in three Danish regions
Security to be improved in IT systems with health data It is Rigsrevisionen’s assessment that the three regions are not protecting the access to IT systems and health data in a satisfactory manner. As a consequence, unauthorised persons might gain access to sensitive and confidential personal data, which could affect there liability and availability of important health data used in the treatment of hospital patients. Based on the results of the study and the current threat scenario, Rigsrevisionen finds that basic security measures against cyber attacks and protection of access to IT systems and health data should be a top priority for Denmark’s five regions. Basic security measures in combination with management and control of user privileges can reduce the risk of compromising the regions’ IT systems and data considerably.
Full description
Security to be improved in IT systems with health data It is Rigsrevisionen’s assessment that the three regions are not protecting the access to IT systems and health data in a satisfactory manner. As a consequence, unauthorised persons might gain access to sensitive and confidential personal data, which could affect there liability and availability of important health data used in the treatment of hospital patients. Based on the results of the study and the current threat scenario, Rigsrevisionen finds that basic security measures against cyber attacks and protection of access to IT systems and health data should be a top priority for Denmark’s five regions. Basic security measures in combination with management and control of user privileges can reduce the risk of compromising the regions’ IT systems and data considerably.
Full description
National Audit Office of Denmark
, issued in 2018
Risk cases: 3