146
results found in
13 ms
Page 6
of 15
Cyber Attacks: Securing Agencies’ICT Systems
were considered serious enough to warrant a Cyber Security Operations Centre response. <br/> The protection of Australian Government systems and information from unauthorised access and use is a key ... Cyber crime is an international problem, and it is estimated that in 2012, 5.4 million Australians fell victim to such crimes, with an estimated cost to the economy of $1.65 billion ... . In the government sector, the Australian Signals Directorate (ASD)3 has estimated that between January and December 2012, there were over 1790 security incidents against Australian Government agencies. Of these, 685 ... ... Cyber-security strategy needs consistent implementation and periodic reviews ... List of 35 mitigation controls against cyber intrusions are a basic tool of information security strategy of the Australian Government. Top four are: 1. application whitelisting, 2. patching ... application, 3. patching operating systems, 4. minimising administrative privileges. Analysis by the ANAO helps to fill gaps and to direct next steps.
Full description
were considered serious enough to warrant a Cyber Security Operations Centre response. <br/> The protection of Australian Government systems and information from unauthorised access and use is a key ... Cyber crime is an international problem, and it is estimated that in 2012, 5.4 million Australians fell victim to such crimes, with an estimated cost to the economy of $1.65 billion ... . In the government sector, the Australian Signals Directorate (ASD)3 has estimated that between January and December 2012, there were over 1790 security incidents against Australian Government agencies. Of these, 685 ... ... Cyber-security strategy needs consistent implementation and periodic reviews ... List of 35 mitigation controls against cyber intrusions are a basic tool of information security strategy of the Australian Government. Top four are: 1. application whitelisting, 2. patching ... application, 3. patching operating systems, 4. minimising administrative privileges. Analysis by the ANAO helps to fill gaps and to direct next steps.
Full description
The Australian National Audit Office
, issued in 2014
Risk cases: 3
VETERANS’ HEALTH CARE - Preliminary Observations on VHA’s Claims Processing Delays and Efforts to Improve the Timeliness of Payments to Community Providers
, GAO obtained fiscal year 2015 data on the timeliness of VHA’s, Medicare’s, and TRICARE’s claims processing. GAO visited 4 of 95 VHA claims processing locations (selected on the basis of variation ... Due to increases in expenditures and utilization of VA care in the community services in recent years, VHA has had difficulty processing claims in a timely manner. In planning to consolidate its ... existing VA care in the community programs, as required by law, the agency said it will examine strategies for improving the timeliness and accuracy of its payments to community providers.<br ... Data processing hold back by technology limitation, workload and administrative burden ... US GAO analyzed all factors of slower processing and user unfriendliness that occur sometimes to the veterans healthcare. The main focus is data processing - and it has been proved that it can ... be failing not only because of technology, but also because of work-process design, staff and organisation.
Full description
, GAO obtained fiscal year 2015 data on the timeliness of VHA’s, Medicare’s, and TRICARE’s claims processing. GAO visited 4 of 95 VHA claims processing locations (selected on the basis of variation ... Due to increases in expenditures and utilization of VA care in the community services in recent years, VHA has had difficulty processing claims in a timely manner. In planning to consolidate its ... existing VA care in the community programs, as required by law, the agency said it will examine strategies for improving the timeliness and accuracy of its payments to community providers.<br ... Data processing hold back by technology limitation, workload and administrative burden ... US GAO analyzed all factors of slower processing and user unfriendliness that occur sometimes to the veterans healthcare. The main focus is data processing - and it has been proved that it can ... be failing not only because of technology, but also because of work-process design, staff and organisation.
Full description
General Accountability Office
, issued in 2016
Risk cases: 6
Traffic Ticketing information system
The audit included two areas of focus - the environment surrounding the Traffic Ticketing Information System - the System (designed to input, process, manage and collect payment for the traffic ... tickets) and also the internal environment of the System that guarantees the quality of its performance and safety. ... Security can hinder effectiveness ... SAI of Kuwait analysed system supporting collection of the traffic tickets - data input, processing and management. What was found was lack of basic safety measures, that hindered the effectiveness ... of the system.
Full description
The audit included two areas of focus - the environment surrounding the Traffic Ticketing Information System - the System (designed to input, process, manage and collect payment for the traffic ... tickets) and also the internal environment of the System that guarantees the quality of its performance and safety. ... Security can hinder effectiveness ... SAI of Kuwait analysed system supporting collection of the traffic tickets - data input, processing and management. What was found was lack of basic safety measures, that hindered the effectiveness ... of the system.
Full description
State Audit Bureau of Kuwait
, issued in 2014
Risk cases: 3
Identifying and meeting central government's skills requirements
Start with well managed responsibilities UK Departments have invested heavily in skills development. Government estimates that expenditure on formal training, including salary costs of departmental learning and development staff, was £275 million in 2009-10. NAO identified weaknesses of the system which start with devolved responsibilities, lead to: weak data, mis-profiled trainings, doubtful personal decisions, lack of well-targeted evaluation - and finish at more expensive buying-in and retaining key skills...
Full description
Start with well managed responsibilities UK Departments have invested heavily in skills development. Government estimates that expenditure on formal training, including salary costs of departmental learning and development staff, was £275 million in 2009-10. NAO identified weaknesses of the system which start with devolved responsibilities, lead to: weak data, mis-profiled trainings, doubtful personal decisions, lack of well-targeted evaluation - and finish at more expensive buying-in and retaining key skills...
Full description
National Audit Office
, issued in 2011
Risk cases: 6
Effectiveness of the execution of the eHealth project
management of the health and health related data. The Ministry had planned to finish the project by December 2015 with estimated implementation and operational costs of 133 million euro by December 2023 ... The Court of Audit of the Republic of Slovenia has audited how effectively the Ministry of Health had managed the project eHealth - the national plan for developing information system support ... to the national public health system in the period between 1st of January 2004 and 26th of September 2013. The audit has focused on the effectiveness of the Ministry in achieving the project’s goals, time ... ... Clear concept, good planning and financial control are indispensable conditions for a successful IT project ... data. The Court has pointed at a long list of project management fundamentals to be corrected. ... The Court of Audit of the Republic of Slovenia analysed a Government eHealth project. Its goal was to implement a modern information system, which would support the health services and health related
Full description
management of the health and health related data. The Ministry had planned to finish the project by December 2015 with estimated implementation and operational costs of 133 million euro by December 2023 ... The Court of Audit of the Republic of Slovenia has audited how effectively the Ministry of Health had managed the project eHealth - the national plan for developing information system support ... to the national public health system in the period between 1st of January 2004 and 26th of September 2013. The audit has focused on the effectiveness of the Ministry in achieving the project’s goals, time ... ... Clear concept, good planning and financial control are indispensable conditions for a successful IT project ... data. The Court has pointed at a long list of project management fundamentals to be corrected. ... The Court of Audit of the Republic of Slovenia analysed a Government eHealth project. Its goal was to implement a modern information system, which would support the health services and health related
Full description
Court of Audit of the Republic of Slovenia
, issued in 2013
Risk cases: 5
Report on the problems connected with the development and implementation of the digitally based Shared Medication Record
for the hospitals have made an adequate effort to develop and implement the Shared Medication Record (SMR). With the SMR, data on the citizens’ medication can be shared across hospitals, general practitioners, etc ... . and relevant health staff and the patients have direct digital access to updated medical data round the clock. The report answers the following questions: 1) Has the Ministry of Health and the NHA provided ... The purpose of the examination was to assess whether the department of the Danish Ministry of Health, the Danish National eHealth Authority (NHA) and the five regions that are responsible ... ... Involvement of key participants necessary from the very beginning ... Digitally based Shared Medication Record is basis of the complex healthcare system. Rigsrevisionen analysed unsolved issues related to unclear business case, insufficient analysis of work flows ... and processes leading to implementation problems, governance not involving key players, and IT security organisation.
Full description
for the hospitals have made an adequate effort to develop and implement the Shared Medication Record (SMR). With the SMR, data on the citizens’ medication can be shared across hospitals, general practitioners, etc ... . and relevant health staff and the patients have direct digital access to updated medical data round the clock. The report answers the following questions: 1) Has the Ministry of Health and the NHA provided ... The purpose of the examination was to assess whether the department of the Danish Ministry of Health, the Danish National eHealth Authority (NHA) and the five regions that are responsible ... ... Involvement of key participants necessary from the very beginning ... Digitally based Shared Medication Record is basis of the complex healthcare system. Rigsrevisionen analysed unsolved issues related to unclear business case, insufficient analysis of work flows ... and processes leading to implementation problems, governance not involving key players, and IT security organisation.
Full description
National Audit Office of Denmark
, issued in 2014
Risk cases: 2
IT security in the Federal Administration
The SFAO has audited the Admin PKI – the basic infrastructure and offering for the issuing of digital certificates – within the Federal Office of Information Technology, Systems and Telecommunication ... (FOITT). The examination concentrated on assessing the development and current operation as well as future prospects. Admin PKI refers to all processes and the hardware and software needed for issuing ... certificates of different grades. ... Technical and organizational deficiencies work together against data security ... Only minor deficiencies were revealed in the Windows environment but only in case of Microsoft products.Providers' lack of both assertiveness and synergy adds to 'the great unknown' of authonomous ... entities' networks.
Full description
The SFAO has audited the Admin PKI – the basic infrastructure and offering for the issuing of digital certificates – within the Federal Office of Information Technology, Systems and Telecommunication ... (FOITT). The examination concentrated on assessing the development and current operation as well as future prospects. Admin PKI refers to all processes and the hardware and software needed for issuing ... certificates of different grades. ... Technical and organizational deficiencies work together against data security ... Only minor deficiencies were revealed in the Windows environment but only in case of Microsoft products.Providers' lack of both assertiveness and synergy adds to 'the great unknown' of authonomous ... entities' networks.
Full description
Swiss Federal Audit Office
, issued in 2011
Risk cases: 4
Material–technical supply of the State Police
. The audit included inspections performed at the State Police, the Ministry of the Interior and the Information Centre and focused on: the Biometric data processing system and the Criminal Procedure ... The main aim of the audit was to obtain assurance about whether the State budget funds allocated for material–technical supply of functions of the State Police were legitimate and efficient ... information system. ... ... Essential role of pre-project evaluation ... SAI of Latvia reveals chain of events that lead to unsuccessful implemenation of two important IS of the State police. What started with an absence of the strategy ended up with budget, time ... overruns and an IS not ready for effiecient use.
Full description
. The audit included inspections performed at the State Police, the Ministry of the Interior and the Information Centre and focused on: the Biometric data processing system and the Criminal Procedure ... The main aim of the audit was to obtain assurance about whether the State budget funds allocated for material–technical supply of functions of the State Police were legitimate and efficient ... information system. ... ... Essential role of pre-project evaluation ... SAI of Latvia reveals chain of events that lead to unsuccessful implemenation of two important IS of the State police. What started with an absence of the strategy ended up with budget, time ... overruns and an IS not ready for effiecient use.
Full description
State Audit Office of the Republic of Latvia
, issued in 2013
Risk cases: 6
Management of IT security in systems outsourced to external suppliers
Security to be improved in IT processes outsourced to external suppliers When IT processes are outsourced to external suppliers, the authorities no longer have direct control of the IT security, but remain responsible for managing the security of the IT. Authorities that fail to manage IT security actively based on risk assessments, and omit to monitor the implementation of these requirements, will not be able to determine if the level of IT security in the outsourced systems safeguards their systems and data. This is how the conclusion of the Rigsrevisionen starts. The Danish auditors noticed improvement in the audited entities, but they add that tha majority of the auditees: can refine their requirements for and follow-up on access control and logging practices
Full description
Security to be improved in IT processes outsourced to external suppliers When IT processes are outsourced to external suppliers, the authorities no longer have direct control of the IT security, but remain responsible for managing the security of the IT. Authorities that fail to manage IT security actively based on risk assessments, and omit to monitor the implementation of these requirements, will not be able to determine if the level of IT security in the outsourced systems safeguards their systems and data. This is how the conclusion of the Rigsrevisionen starts. The Danish auditors noticed improvement in the audited entities, but they add that tha majority of the auditees: can refine their requirements for and follow-up on access control and logging practices
Full description
National Audit Office of Denmark
, issued in 2016
Risk cases: 3
Security of servers managed by the Danish Agency for Governmental IT Services
Servers are essential part of IT infrastructure. At the same time, they are vulnerable to cyberattacks, because they can be exploited by hackers to gain unauthorized access to the system and steal sensitive information, corrupt data, or cause systems to malfunction. Once the security of a server is compromised, attackers can gain access to other computers and servers across the network. Danish auditors paid attention to risky stages of servers lifecycle. The Danish Agency for Governmental IT Services managed 5,353 servers on behalf of 46 authorities in time of the audit. 537 of these servers were no longer supported by their developers because they have reached the end of their lifecycle.
Full description
Servers are essential part of IT infrastructure. At the same time, they are vulnerable to cyberattacks, because they can be exploited by hackers to gain unauthorized access to the system and steal sensitive information, corrupt data, or cause systems to malfunction. Once the security of a server is compromised, attackers can gain access to other computers and servers across the network. Danish auditors paid attention to risky stages of servers lifecycle. The Danish Agency for Governmental IT Services managed 5,353 servers on behalf of 46 authorities in time of the audit. 537 of these servers were no longer supported by their developers because they have reached the end of their lifecycle.
Full description
National Audit Office of Denmark
, issued in 2023
Risk cases: $risks.size()