99
results found in
13 ms
Page 1
of 10
THE CYBER SECURITY ENVIRONMENT IN LITHUANIA
The purpose of the audit was to assess whether cyber security is being ensured in Lithuania. In view of this goal, we assessed whether: (1) an effective cyber security system has been set up; (2 ... ) cyber security is ensured in public establishments. During the audit, the SAI Lithuania analysed current regulation, strategic planning and management practices in the field of cyber security ... and electronic information security as well as the funds allocated and used in this area. The SAI evaluated whether the cyber security and electronic information security objectives detailed in planning documents ... ... Cyber-security is much more than preventing incidents ... SAI Lithuania determined that the issue of ensuring and increasing cyber security and resilience has not been effectively addressed at the national level. The focus has primarily been on reacting ... to and preventing incidents in cyber space, which means that traditional issues related to electronic information security (confidentiality, integrity, accessibility) have been neglected, and from 2015, not enough ... attention has been paid to development, legislation, improvement of organisational structure, etc. in this field.
Full description
The purpose of the audit was to assess whether cyber security is being ensured in Lithuania. In view of this goal, we assessed whether: (1) an effective cyber security system has been set up; (2 ... ) cyber security is ensured in public establishments. During the audit, the SAI Lithuania analysed current regulation, strategic planning and management practices in the field of cyber security ... and electronic information security as well as the funds allocated and used in this area. The SAI evaluated whether the cyber security and electronic information security objectives detailed in planning documents ... ... Cyber-security is much more than preventing incidents ... SAI Lithuania determined that the issue of ensuring and increasing cyber security and resilience has not been effectively addressed at the national level. The focus has primarily been on reacting ... to and preventing incidents in cyber space, which means that traditional issues related to electronic information security (confidentiality, integrity, accessibility) have been neglected, and from 2015, not enough ... attention has been paid to development, legislation, improvement of organisational structure, etc. in this field.
Full description
National Audit Office of the Republic of Lithuania
, issued in 2015
Risk cases: 6
Audit on the current management and supervision of information protection and cyber security in the financial sector
- Evaluation of management and supervision of information protection and cyber security in the financial sector - Evaluation of current state of security management system in the financial sector ... - Based on a sample of 10 public institutions and 9 financial institutions. ... Information Protection and cyber security in the financial sector ... SAI Korea reviewed 10 public and nine financial institutions. Their analysis shows how the lack of evaluation at management level can result in decrease of stakeholders' confidence or even ... in economic damage.
Full description
- Evaluation of management and supervision of information protection and cyber security in the financial sector - Evaluation of current state of security management system in the financial sector ... - Based on a sample of 10 public institutions and 9 financial institutions. ... Information Protection and cyber security in the financial sector ... SAI Korea reviewed 10 public and nine financial institutions. Their analysis shows how the lack of evaluation at management level can result in decrease of stakeholders' confidence or even ... in economic damage.
Full description
Board of Audit and Inspection of Korea
, issued in 2011
Risk cases: 2
Cyber Attacks: Securing Agencies’ICT Systems
were considered serious enough to warrant a Cyber Security Operations Centre response. <br/> The protection of Australian Government systems and information from unauthorised access and use is a key ... estimated that between January and December 2012Ć, there were over 1790 security incidents against Australian Government agencies. Of these, 685 were considered serious enough to warrant a Cyber Security ... Cyber crime is an international problem, and it is estimated that in 2012, 5.4 million Australians fell victim to such crimes, with an estimated cost to the economy of $1.65 billion ... ... Cyber-security strategy needs consistent implementation and periodic reviews ... List of 35 mitigation controls against cyber intrusions are a basic tool of information security strategy of the Australian Government. Top four are: 1. application whitelisting, 2. patching ... application, 3. patching operating systems, 4. minimising administrative privileges. Analysis by the ANAO helps to fill gaps and to direct next steps.
Full description
were considered serious enough to warrant a Cyber Security Operations Centre response. <br/> The protection of Australian Government systems and information from unauthorised access and use is a key ... estimated that between January and December 2012Ć, there were over 1790 security incidents against Australian Government agencies. Of these, 685 were considered serious enough to warrant a Cyber Security ... Cyber crime is an international problem, and it is estimated that in 2012, 5.4 million Australians fell victim to such crimes, with an estimated cost to the economy of $1.65 billion ... ... Cyber-security strategy needs consistent implementation and periodic reviews ... List of 35 mitigation controls against cyber intrusions are a basic tool of information security strategy of the Australian Government. Top four are: 1. application whitelisting, 2. patching ... application, 3. patching operating systems, 4. minimising administrative privileges. Analysis by the ANAO helps to fill gaps and to direct next steps.
Full description
The Australian National Audit Office
, issued in 2014
Risk cases: 3
Report to the Public AccountsCommittee on mitigation of cyber attacks
security controls that can increase security and mitigate cyber attacks. International studies have concluded that three central security controls can prevent the majority of the currently known types ... have addressed the risk of cyber attacks and whether they have implemented these three security controls. ... This report concerns the action taken by Danish government bodies to prevent cyber attacks. Behaving sensibly in cyberspace to avoid attacks is important, but should be supplemented by technical ... Three basic security measures are often neglected ... Government agencies are open for cyber attacks because they often forget to respect three basic IT security measures. The three measures are: 1. technical restriction on programs downloading; 2 ... . limited use of local administrators rights; 3. systematic software updates.
Full description
security controls that can increase security and mitigate cyber attacks. International studies have concluded that three central security controls can prevent the majority of the currently known types ... have addressed the risk of cyber attacks and whether they have implemented these three security controls. ... This report concerns the action taken by Danish government bodies to prevent cyber attacks. Behaving sensibly in cyberspace to avoid attacks is important, but should be supplemented by technical ... Three basic security measures are often neglected ... Government agencies are open for cyber attacks because they often forget to respect three basic IT security measures. The three measures are: 1. technical restriction on programs downloading; 2 ... . limited use of local administrators rights; 3. systematic software updates.
Full description
National Audit Office of Denmark
, issued in 2013
Risk cases: 3
WannaCry Cyber Attack and the NHS
Why the British NHS became a victim of WannaCry The NAO's investigation points at the problem of insufficient powers of the cybersecurity coordinator across the health organisation. As a result no remedial actions were taken, and the cyber attack succeeded thanks to neglected precautions.
Full description
Why the British NHS became a victim of WannaCry The NAO's investigation points at the problem of insufficient powers of the cybersecurity coordinator across the health organisation. As a result no remedial actions were taken, and the cyber attack succeeded thanks to neglected precautions.
Full description
National Audit Office
, issued in 2017
Risk cases: 3
Cyber security of border controls operated by Dutch border guards at Amsterdam Schiphol Airport
Airport prepares for cyber attacks Who does not know the Amsterdam Airport? As put by the Netherlands Court of Audits: the IT systems used for border controls at the Schiphol Airport are in the midst of a process of rapid development. The auditors reviewed the process and pointed at necessity of formal certification and better mechanism of information analysis. The report picutres also the organisation of the controls - must read for all frequent fliers
Full description
Airport prepares for cyber attacks Who does not know the Amsterdam Airport? As put by the Netherlands Court of Audits: the IT systems used for border controls at the Schiphol Airport are in the midst of a process of rapid development. The auditors reviewed the process and pointed at necessity of formal certification and better mechanism of information analysis. The report picutres also the organisation of the controls - must read for all frequent fliers
Full description
Netherlands Court of Audits
, issued in 2020
Risk cases: 8
Data security and positions with access to confidential information
This government wide audit on information security and positions with access to confidential information has been performed at all ministries ans for each ministry also at one of the agencies ... . The 2007 Civil Service Data Information Security Decree (in Dutch: VIR 2007) is the legal foundation of the first part of this audit (data security). The Security Screening Act (in Dutch: WVO ... Information Security Decree, eight organizations show scope for improvement and nine organizations show an unsatisfactory level of compliance with the 2007 Civil Service Data Information Security Decree. When ... ... Shortcomings in information security and in positions with access to confidential information ... Surprising weaknesses were revealed by the NCA in its Government-wide operational audit performed as part of the 2011 audit into the state of central government accounts: Poor quality of data ... protection policy and poor protection of information systems. Also, non vetted positions with access to confidential information.
Full description
This government wide audit on information security and positions with access to confidential information has been performed at all ministries ans for each ministry also at one of the agencies ... . The 2007 Civil Service Data Information Security Decree (in Dutch: VIR 2007) is the legal foundation of the first part of this audit (data security). The Security Screening Act (in Dutch: WVO ... Information Security Decree, eight organizations show scope for improvement and nine organizations show an unsatisfactory level of compliance with the 2007 Civil Service Data Information Security Decree. When ... ... Shortcomings in information security and in positions with access to confidential information ... Surprising weaknesses were revealed by the NCA in its Government-wide operational audit performed as part of the 2011 audit into the state of central government accounts: Poor quality of data ... protection policy and poor protection of information systems. Also, non vetted positions with access to confidential information.
Full description
Netherlands Court of Audits
, issued in 2012
Risk cases: 3
IT security in the Federal Administration
The SFAO has audited the Admin PKI – the basic infrastructure and offering for the issuing of digital certificates – within the Federal Office of Information Technology, Systems and Telecommunication ... (FOITT). The examination concentrated on assessing the development and current operation as well as future prospects. Admin PKI refers to all processes and the hardware and software needed for issuing ... certificates of different grades. ... Technical and organizational deficiencies work together against data security ... Only minor deficiencies were revealed in the Windows environment but only in case of Microsoft products.Providers' lack of both assertiveness and synergy adds to 'the great unknown' of authonomous ... entities' networks.
Full description
The SFAO has audited the Admin PKI – the basic infrastructure and offering for the issuing of digital certificates – within the Federal Office of Information Technology, Systems and Telecommunication ... (FOITT). The examination concentrated on assessing the development and current operation as well as future prospects. Admin PKI refers to all processes and the hardware and software needed for issuing ... certificates of different grades. ... Technical and organizational deficiencies work together against data security ... Only minor deficiencies were revealed in the Windows environment but only in case of Microsoft products.Providers' lack of both assertiveness and synergy adds to 'the great unknown' of authonomous ... entities' networks.
Full description
Swiss Federal Audit Office
, issued in 2011
Risk cases: 4
Information security work at nine agencies
Difficulties in achieving appropriate IT security Together with the Swedish NAO we assume that the picture that emerges at the agencies audited applies also to most of the other agencies in the public administration. The information security work is not given high enough priority in relation to the risks that exist. This applies to both the Government, which should have been clearer in its directions to agencies on this matter, and to agency managements, which did not give priority to the work of information security to the extent required. Much indicates that it is difficult for many agencies to achieve an appropriate level of information security work.
Full description
Difficulties in achieving appropriate IT security Together with the Swedish NAO we assume that the picture that emerges at the agencies audited applies also to most of the other agencies in the public administration. The information security work is not given high enough priority in relation to the risks that exist. This applies to both the Government, which should have been clearer in its directions to agencies on this matter, and to agency managements, which did not give priority to the work of information security to the extent required. Much indicates that it is difficult for many agencies to achieve an appropriate level of information security work.
Full description
Swedish National Audit Office
, issued in 2016
Risk cases: 4
For the sake of security – intelligence sharing between the Police Authority and the Swedish Security Service
Cooperation between Police and Security Service The Swedish NAO audited whether the Police Authority and the Swedish Security Service share intelligence effectively to prevent and combat violent extremism and terrorism. In this highly non-typical environment, some universal rules turned out to be still valid. We would like to emphasise role of : organizational patterns, information access rights and sincere feedback.
Full description
Cooperation between Police and Security Service The Swedish NAO audited whether the Police Authority and the Swedish Security Service share intelligence effectively to prevent and combat violent extremism and terrorism. In this highly non-typical environment, some universal rules turned out to be still valid. We would like to emphasise role of : organizational patterns, information access rights and sincere feedback.
Full description
Swedish National Audit Office
, issued in 2018
Risk cases: 3