156
results found in
15 ms
Page 7
of 16
Cyber Attacks: Securing Agencies’ICT Systems
were considered serious enough to warrant a Cyber Security Operations Centre response. <br/> The protection of Australian Government systems and information from unauthorised access and use is a key ... of sensitive personal information. Unauthorised access through electronic means, also known as cyber intrusions, can result from the actions of outside individuals or organisations. Individuals operating from ... within government may also misuse information which they are authorised to access, or may inappropriately access and use government information holdings. <br/> Audit objective was to assess selected ... ... Cyber-security strategy needs consistent implementation and periodic reviews ... List of 35 mitigation controls against cyber intrusions are a basic tool of information security strategy of the Australian Government. Top four are: 1. application whitelisting, 2. patching ... application, 3. patching operating systems, 4. minimising administrative privileges. Analysis by the ANAO helps to fill gaps and to direct next steps.
Full description
were considered serious enough to warrant a Cyber Security Operations Centre response. <br/> The protection of Australian Government systems and information from unauthorised access and use is a key ... of sensitive personal information. Unauthorised access through electronic means, also known as cyber intrusions, can result from the actions of outside individuals or organisations. Individuals operating from ... within government may also misuse information which they are authorised to access, or may inappropriately access and use government information holdings. <br/> Audit objective was to assess selected ... ... Cyber-security strategy needs consistent implementation and periodic reviews ... List of 35 mitigation controls against cyber intrusions are a basic tool of information security strategy of the Australian Government. Top four are: 1. application whitelisting, 2. patching ... application, 3. patching operating systems, 4. minimising administrative privileges. Analysis by the ANAO helps to fill gaps and to direct next steps.
Full description
The Australian National Audit Office
, issued in 2014
Risk cases: 3
Informatisation of hospitals
The goals of the audit were: 1. Assesment to what degree service providers are prepared to implement the electronic health information system. 2. Assessment of government activities related ... to the construction of the health information system within the framework of the "Healthcare Informatisation Program" ... ... Sometimes it is really not about the money.. ... Informatisation of healthcare is one of the most money-consuming IT activities of the State. Polish NIK shows how a poor concept can delay modernization of hospitals. The new IT system was expected ... to take some burden off doctors, streamline medical care, prevent fraud and improve efficiency. But will it be created at all?
Full description
The goals of the audit were: 1. Assesment to what degree service providers are prepared to implement the electronic health information system. 2. Assessment of government activities related ... to the construction of the health information system within the framework of the "Healthcare Informatisation Program" ... ... Sometimes it is really not about the money.. ... Informatisation of healthcare is one of the most money-consuming IT activities of the State. Polish NIK shows how a poor concept can delay modernization of hospitals. The new IT system was expected ... to take some burden off doctors, streamline medical care, prevent fraud and improve efficiency. But will it be created at all?
Full description
Sumpreme Audit Office
, issued in 2013
Risk cases: 3
The Shared Services Centre
The necessary environment for the efficient management of the Shared Service Center is lacking The department's administration of the Shared Services Centre (SSC) has been effective for sharing resources between the departments and delivering selected back-office services to a small client base. However, the governance arrangements established to oversight the SSC have not positioned it well for the future and the departments have not yet determined if the arrangement is efficient and resulting in savings. ANAO found instances where the advisory board of SSC was not consulted or involved in decisions relating to the strategic direction, financial arrangements and expenditure priorities. Information reported to the board did not focus on areas of strategic importance and the quality and completeness of this information could be improved. The mechanisms established for setting out responsibilities and obligations and ensuring transparency for services delivered by the SSC was weak. Service standards and levels were not fixed and can change. The delineation of responsibilities between the SSC and its clients was not clear and there was no commitment by the SSC to certify the quality of its control framework.
Full description
The necessary environment for the efficient management of the Shared Service Center is lacking The department's administration of the Shared Services Centre (SSC) has been effective for sharing resources between the departments and delivering selected back-office services to a small client base. However, the governance arrangements established to oversight the SSC have not positioned it well for the future and the departments have not yet determined if the arrangement is efficient and resulting in savings. ANAO found instances where the advisory board of SSC was not consulted or involved in decisions relating to the strategic direction, financial arrangements and expenditure priorities. Information reported to the board did not focus on areas of strategic importance and the quality and completeness of this information could be improved. The mechanisms established for setting out responsibilities and obligations and ensuring transparency for services delivered by the SSC was weak. Service standards and levels were not fixed and can change. The delineation of responsibilities between the SSC and its clients was not clear and there was no commitment by the SSC to certify the quality of its control framework.
Full description
The Australian National Audit Office
, issued in 2016
Risk cases: 2
Does the Public Investment in Internet Access Reach the Population?
Middle mile network is not enough Latvia is known for its high-speed Internet provided to individuaals and business. Auditors verified results of the Government's effort to strengthen national infrastructure in this regard. They ponted at issues in: planning, risk analysis, information flow, quality and impact.
Full description
Middle mile network is not enough Latvia is known for its high-speed Internet provided to individuaals and business. Auditors verified results of the Government's effort to strengthen national infrastructure in this regard. They ponted at issues in: planning, risk analysis, information flow, quality and impact.
Full description
State Audit Office of the Republic of Latvia
, issued in 2020
Risk cases: 6
The BBC’s understanding of its audiences and users
Understand your audience, BBC Audience data and insights are critical to the success of broadcasters - which is also true in the case of the world renowned British Broadcasting Corporation. Auditors reviewed the BBC's main projects and the analyst team dedicated to collect and interpret the audience related information. Data coherence, review of performance and benefits traicing - belong to key areas in need of substantial refinements.
Full description
Understand your audience, BBC Audience data and insights are critical to the success of broadcasters - which is also true in the case of the world renowned British Broadcasting Corporation. Auditors reviewed the BBC's main projects and the analyst team dedicated to collect and interpret the audience related information. Data coherence, review of performance and benefits traicing - belong to key areas in need of substantial refinements.
Full description
National Audit Office
, issued in 2019
Risk cases: 6
THE CYBER SECURITY ENVIRONMENT IN LITHUANIA
and electronic information security as well as the funds allocated and used in this area. The SAI evaluated whether the cyber security and electronic information security objectives detailed in planning documents ... The purpose of the audit was to assess whether cyber security is being ensured in Lithuania. In view of this goal, we assessed whether: (1) an effective cyber security system has been set up; (2 ... ) cyber security is ensured in public establishments. During the audit, the SAI Lithuania analysed current regulation, strategic planning and management practices in the field of cyber security ... ... Cyber-security is much more than preventing incidents ... to and preventing incidents in cyber space, which means that traditional issues related to electronic information security (confidentiality, integrity, accessibility) have been neglected, and from 2015, not enough ... SAI Lithuania determined that the issue of ensuring and increasing cyber security and resilience has not been effectively addressed at the national level. The focus has primarily been on reacting ... attention has been paid to development, legislation, improvement of organisational structure, etc. in this field.
Full description
and electronic information security as well as the funds allocated and used in this area. The SAI evaluated whether the cyber security and electronic information security objectives detailed in planning documents ... The purpose of the audit was to assess whether cyber security is being ensured in Lithuania. In view of this goal, we assessed whether: (1) an effective cyber security system has been set up; (2 ... ) cyber security is ensured in public establishments. During the audit, the SAI Lithuania analysed current regulation, strategic planning and management practices in the field of cyber security ... ... Cyber-security is much more than preventing incidents ... to and preventing incidents in cyber space, which means that traditional issues related to electronic information security (confidentiality, integrity, accessibility) have been neglected, and from 2015, not enough ... SAI Lithuania determined that the issue of ensuring and increasing cyber security and resilience has not been effectively addressed at the national level. The focus has primarily been on reacting ... attention has been paid to development, legislation, improvement of organisational structure, etc. in this field.
Full description
National Audit Office of the Republic of Lithuania
, issued in 2015
Risk cases: 6
Cyber security of border controls operated by Dutch border guards at Amsterdam Schiphol Airport
Airport prepares for cyber attacks Who does not know the Amsterdam Airport? As put by the Netherlands Court of Audits: the IT systems used for border controls at the Schiphol Airport are in the midst of a process of rapid development. The auditors reviewed the process and pointed at necessity of formal certification and better mechanism of information analysis. The report picutres also the organisation of the controls - must read for all frequent fliers
Full description
Airport prepares for cyber attacks Who does not know the Amsterdam Airport? As put by the Netherlands Court of Audits: the IT systems used for border controls at the Schiphol Airport are in the midst of a process of rapid development. The auditors reviewed the process and pointed at necessity of formal certification and better mechanism of information analysis. The report picutres also the organisation of the controls - must read for all frequent fliers
Full description
Netherlands Court of Audits
, issued in 2020
Risk cases: 8
Federal Human Resources Data
Internal control weaknesses may put mission at risk GAO audited the Enterprise Human Resources Integration payroll data warehose. The American auditors pointed at problems that may impede 'leverage of these data to meet its mission and allow others to make full use' of them. The critical internal contols areas to be improved in this cas are: completeness, accuracy, and validity of information, authorization, documentation, monitoring, results' evaluation.
Full description
Internal control weaknesses may put mission at risk GAO audited the Enterprise Human Resources Integration payroll data warehose. The American auditors pointed at problems that may impede 'leverage of these data to meet its mission and allow others to make full use' of them. The critical internal contols areas to be improved in this cas are: completeness, accuracy, and validity of information, authorization, documentation, monitoring, results' evaluation.
Full description
General Accountability Office
, issued in 2016
Risk cases: 2
Effectiveness of internal controls in the protection of personal data in national databases
must ensure that personal data is protected from abuse. The information system of the database must function appropriately, incl. be reliable and safe. Log files must be retained of all instances ... of internal controls which must ensure the accuracy and preservation of data and avoid information leaks. ... The NAO analysed seven national databases in order to find out how the legitimate use of personal data is ensured. In accordance with the Personal Data Protection Act, the agencies who run databases ... ... Basic controls analysis can fail in data protection ... Estonian SAI analyzed personal data safety. Main finding were: poor log analysis and unprotected data.
Full description
must ensure that personal data is protected from abuse. The information system of the database must function appropriately, incl. be reliable and safe. Log files must be retained of all instances ... of internal controls which must ensure the accuracy and preservation of data and avoid information leaks. ... The NAO analysed seven national databases in order to find out how the legitimate use of personal data is ensured. In accordance with the Personal Data Protection Act, the agencies who run databases ... ... Basic controls analysis can fail in data protection ... Estonian SAI analyzed personal data safety. Main finding were: poor log analysis and unprotected data.
Full description
National Audit Office of Estonia
, issued in 2008
Risk cases: 2
Coordination of Infrastructure Works by Metropolitan Municipalities
Rapid population growth at metropoles as well as dense and planless structuring, especially in İstanbul and Ankara, have lead to an increase in demand for utilities services and consequently ... , in the resources used for the construction and maintenance of utilities. Moreover, in cities with dense population, damages to roads and sidewalks during the construction and maintenance of utilities cause problems ... in daily life, create financial burden and necessitate effective solutions. The purpose of this audit is to ensure that metropolitan municipalities eradicate defects in implementation, and Ministry ... ... ... Start geographic information system with cooperation rules and digital maps ... Organization of geographic and infrastructure information systems is an especially difficult task when bacause vast and intense coordination is necessary. The Turkisch Court of Accounts lists ... problems that reduce use and rise costs of this fundamental task.
Full description
Rapid population growth at metropoles as well as dense and planless structuring, especially in İstanbul and Ankara, have lead to an increase in demand for utilities services and consequently ... , in the resources used for the construction and maintenance of utilities. Moreover, in cities with dense population, damages to roads and sidewalks during the construction and maintenance of utilities cause problems ... in daily life, create financial burden and necessitate effective solutions. The purpose of this audit is to ensure that metropolitan municipalities eradicate defects in implementation, and Ministry ... ... ... Start geographic information system with cooperation rules and digital maps ... Organization of geographic and infrastructure information systems is an especially difficult task when bacause vast and intense coordination is necessary. The Turkisch Court of Accounts lists ... problems that reduce use and rise costs of this fundamental task.
Full description
Turkish Court of Accounts
, issued in 2008
Risk cases: 2