131
results found in
15 ms
Page 1
of 14
CYBERSECURITY: Implementation of Executive Order Requirements Is Essential to Address Key Actions
GAO continues to review and report status of information security - the high-risk area for more than 25 years already. Special focus is on federal cybersecurity challenges. An average of approximately 31,492 incidents per year for fiscal years 2017 through 2022 were reported by responsible Government bodies. In fiscal year 2022, agencies reported experiencing 30,659 incidents.
Full description
GAO continues to review and report status of information security - the high-risk area for more than 25 years already. Special focus is on federal cybersecurity challenges. An average of approximately 31,492 incidents per year for fiscal years 2017 through 2022 were reported by responsible Government bodies. In fiscal year 2022, agencies reported experiencing 30,659 incidents.
Full description
US Government Accountability Office
, issued in 2024
Risk cases: $risks.size()
Information security work at nine agencies
Difficulties in achieving appropriate IT security Together with the Swedish NAO we assume that the picture that emerges at the agencies audited applies also to most of the other agencies in the public administration. The information security work is not given high enough priority in relation to the risks that exist. This applies to both the Government, which should have been clearer in its directions to agencies on this matter, and to agency managements, which did not give priority to the work of information security to the extent required. Much indicates that it is difficult for many agencies to achieve an appropriate level of information security work.
Full description
Difficulties in achieving appropriate IT security Together with the Swedish NAO we assume that the picture that emerges at the agencies audited applies also to most of the other agencies in the public administration. The information security work is not given high enough priority in relation to the risks that exist. This applies to both the Government, which should have been clearer in its directions to agencies on this matter, and to agency managements, which did not give priority to the work of information security to the extent required. Much indicates that it is difficult for many agencies to achieve an appropriate level of information security work.
Full description
Swedish National Audit Office
, issued in 2016
Risk cases: 4
Audit of the DTI key project Polycom Value Preservation 2030 with a focus on the border security subnetwork
The Swiss Federal Audit Office’s recent review of the Polycom Value Preservation 2030 project highlights effective management and coordination by the Federal Office for Customs and Border Security. Despite the rapid technological transition, the project remains on track for completion by the end of 2024, with dismantling expected by the end of 2025. This audit underscores the project’s robust planning and execution, ensuring Switzerland’s security radio system is up-to-date and reliable. Polycom is the security radio system of Switzerland's authorities and organisations for rescue and security. Due to the manufacturer's change of technology, the system in Switzerland needs to be brought up to date. Parallel operation is necessary as long as both technologies are in use. The Federal Office for Customs and Border Security (FOCBS) is con- tributing around CHF 65 million to this technological development. Together with the Fed- eral Office for Civil Protection (FOCP), the Confederation is investing a total of around CHF 160 million in this project.
Full description
The Swiss Federal Audit Office’s recent review of the Polycom Value Preservation 2030 project highlights effective management and coordination by the Federal Office for Customs and Border Security. Despite the rapid technological transition, the project remains on track for completion by the end of 2024, with dismantling expected by the end of 2025. This audit underscores the project’s robust planning and execution, ensuring Switzerland’s security radio system is up-to-date and reliable. Polycom is the security radio system of Switzerland's authorities and organisations for rescue and security. Due to the manufacturer's change of technology, the system in Switzerland needs to be brought up to date. Parallel operation is necessary as long as both technologies are in use. The Federal Office for Customs and Border Security (FOCBS) is con- tributing around CHF 65 million to this technological development. Together with the Fed- eral Office for Civil Protection (FOCP), the Confederation is investing a total of around CHF 160 million in this project.
Full description
Swiss Federal Audit Office
, issued in 2024
Risk cases: $risks.size()
Homeland Security. Oversight of Neglected Human Resources Information Technology Investment Is Needed
Human resources IT investments get stuck in management's lack of interest Although the Human Resources Information Technology (HRIT) investment was initiated about 12 years ago with the intent to consolidate, integrate, and modernize the department's human resources IT infrastructure, the Department of Homeland Security (DHS) has made very limited progress in achieving these goals. HRIT's minimally involved executive steering committee during a time when significant problems were occurring was a key factor in the lack of progress. This is particularly problematic given that the department's ability to efficiently and effectively carry out its mission is significantly hampered by its fragmented human resources. DHS's ineffective management of HRIT, such as the lack of an updated schedule and a life-cycle cost estimate, also contributed to the neglect this investment has experienced. DHS will be limited in efficiently tracking and reporting accurate, comprehensive performance and learning management data across the organization, and could risk further implementation delays.
Full description
Human resources IT investments get stuck in management's lack of interest Although the Human Resources Information Technology (HRIT) investment was initiated about 12 years ago with the intent to consolidate, integrate, and modernize the department's human resources IT infrastructure, the Department of Homeland Security (DHS) has made very limited progress in achieving these goals. HRIT's minimally involved executive steering committee during a time when significant problems were occurring was a key factor in the lack of progress. This is particularly problematic given that the department's ability to efficiently and effectively carry out its mission is significantly hampered by its fragmented human resources. DHS's ineffective management of HRIT, such as the lack of an updated schedule and a life-cycle cost estimate, also contributed to the neglect this investment has experienced. DHS will be limited in efficiently tracking and reporting accurate, comprehensive performance and learning management data across the organization, and could risk further implementation delays.
Full description
US Government Accountability Office
, issued in 2016
Risk cases: 1
Audit of the key ICT project federal GEVER programme Federal Chancellery
During the first stage, two new GEVER (electronic records and process management) products were procured in an open WTO tender within the framework of the two-product strategy (federal GEVER WTO ... procurement project). CHF 1.6 million was spent on these. The departments and Federal Chancellery (departments/FCh) had to choose one of the two products within three months of the contract being awarded. ... ... Advanced process management system's cost-effectiveness and deadlines at risk ... Ever since 1990, sequential controls and file management have been part of the Federal Administration's IT landscape (GEVER business administration). Significant obstacles have to be overcome ... in order to ensure the successful creation and introduction of GEVER. Previous efforts did not have any widespread success and led to a diverse GEVER landscape. The federal GEVER project has now laid ... the foundations for simplification and centralisation.
Full description
During the first stage, two new GEVER (electronic records and process management) products were procured in an open WTO tender within the framework of the two-product strategy (federal GEVER WTO ... procurement project). CHF 1.6 million was spent on these. The departments and Federal Chancellery (departments/FCh) had to choose one of the two products within three months of the contract being awarded. ... ... Advanced process management system's cost-effectiveness and deadlines at risk ... Ever since 1990, sequential controls and file management have been part of the Federal Administration's IT landscape (GEVER business administration). Significant obstacles have to be overcome ... in order to ensure the successful creation and introduction of GEVER. Previous efforts did not have any widespread success and led to a diverse GEVER landscape. The federal GEVER project has now laid ... the foundations for simplification and centralisation.
Full description
Swiss Federal Audit Office
, issued in 2015
Risk cases: 2
Data security and positions with access to confidential information
This government wide audit on information security and positions with access to confidential information has been performed at all ministries ans for each ministry also at one of the agencies ... . The 2007 Civil Service Data Information Security Decree (in Dutch: VIR 2007) is the legal foundation of the first part of this audit (data security). The Security Screening Act (in Dutch: WVO ... Information Security Decree, eight organizations show scope for improvement and nine organizations show an unsatisfactory level of compliance with the 2007 Civil Service Data Information Security Decree. When ... ... Shortcomings in information security and in positions with access to confidential information ... Surprising weaknesses were revealed by the NCA in its Government-wide operational audit performed as part of the 2011 audit into the state of central government accounts: Poor quality of data ... protection policy and poor protection of information systems. Also, non vetted positions with access to confidential information.
Full description
This government wide audit on information security and positions with access to confidential information has been performed at all ministries ans for each ministry also at one of the agencies ... . The 2007 Civil Service Data Information Security Decree (in Dutch: VIR 2007) is the legal foundation of the first part of this audit (data security). The Security Screening Act (in Dutch: WVO ... Information Security Decree, eight organizations show scope for improvement and nine organizations show an unsatisfactory level of compliance with the 2007 Civil Service Data Information Security Decree. When ... ... Shortcomings in information security and in positions with access to confidential information ... Surprising weaknesses were revealed by the NCA in its Government-wide operational audit performed as part of the 2011 audit into the state of central government accounts: Poor quality of data ... protection policy and poor protection of information systems. Also, non vetted positions with access to confidential information.
Full description
Netherlands Court of Audits
, issued in 2012
Risk cases: 3
IT security in the Federal Administration
The SFAO has audited the Admin PKI – the basic infrastructure and offering for the issuing of digital certificates – within the Federal Office of Information Technology, Systems and Telecommunication ... (FOITT). The examination concentrated on assessing the development and current operation as well as future prospects. Admin PKI refers to all processes and the hardware and software needed for issuing ... certificates of different grades. ... Technical and organizational deficiencies work together against data security ... Only minor deficiencies were revealed in the Windows environment but only in case of Microsoft products.Providers' lack of both assertiveness and synergy adds to 'the great unknown' of authonomous ... entities' networks.
Full description
The SFAO has audited the Admin PKI – the basic infrastructure and offering for the issuing of digital certificates – within the Federal Office of Information Technology, Systems and Telecommunication ... (FOITT). The examination concentrated on assessing the development and current operation as well as future prospects. Admin PKI refers to all processes and the hardware and software needed for issuing ... certificates of different grades. ... Technical and organizational deficiencies work together against data security ... Only minor deficiencies were revealed in the Windows environment but only in case of Microsoft products.Providers' lack of both assertiveness and synergy adds to 'the great unknown' of authonomous ... entities' networks.
Full description
Swiss Federal Audit Office
, issued in 2011
Risk cases: 4
Oversight of law enforcement agencies - An audit of the Swedish Commission on Security and IntegrityProtection
The Swedish NAO audited Commission focusing on integrity across law enforcement agencies. Among findings were: lack of clarity on the administrative support it receives and a risk of tasks unbalanced with capacities. The Commission supervises the following law enforcement agencies; the Police Authority, the Swedish Security Service, the National Economic Crimes Bureau, the Swedish Prosecution Authority and the Swedish Customs Service. The activities of these agencies is to a great extent subject to secrecy and restricted transparency. Consequently, to maintain public confidence it is important that the activities are legally secure and that supervision is appropriate and effective.
Full description
The Swedish NAO audited Commission focusing on integrity across law enforcement agencies. Among findings were: lack of clarity on the administrative support it receives and a risk of tasks unbalanced with capacities. The Commission supervises the following law enforcement agencies; the Police Authority, the Swedish Security Service, the National Economic Crimes Bureau, the Swedish Prosecution Authority and the Swedish Customs Service. The activities of these agencies is to a great extent subject to secrecy and restricted transparency. Consequently, to maintain public confidence it is important that the activities are legally secure and that supervision is appropriate and effective.
Full description
Swedish National Audit Office
, issued in 2016
Risk cases: $risks.size()
Housing in England: overview
Efforts to support housing Even if housebuilding in England has not kept pace with need and there has been a reduction in social rented homes, significant advantages can be enjoyed: an increase in home ownership and in the number of private rented homes. The quality of housing improved in recent years too. The National Audit Office has reviewed critical elements of the housing being one of the government's key priorities. Looking for risks, they found that a potential conflict of objectives can lead to tensions in delivery.
Full description
Efforts to support housing Even if housebuilding in England has not kept pace with need and there has been a reduction in social rented homes, significant advantages can be enjoyed: an increase in home ownership and in the number of private rented homes. The quality of housing improved in recent years too. The National Audit Office has reviewed critical elements of the housing being one of the government's key priorities. Looking for risks, they found that a potential conflict of objectives can lead to tensions in delivery.
Full description
National Audit Office
, issued in 2017
Risk cases: 2
THE CYBER SECURITY ENVIRONMENT IN LITHUANIA
The purpose of the audit was to assess whether cyber security is being ensured in Lithuania. In view of this goal, we assessed whether: (1) an effective cyber security system has been set up; (2 ... ) cyber security is ensured in public establishments. During the audit, the SAI Lithuania analysed current regulation, strategic planning and management practices in the field of cyber security ... and electronic information security as well as the funds allocated and used in this area. The SAI evaluated whether the cyber security and electronic information security objectives detailed in planning documents ... ... Cyber-security is much more than preventing incidents ... SAI Lithuania determined that the issue of ensuring and increasing cyber security and resilience has not been effectively addressed at the national level. The focus has primarily been on reacting ... to and preventing incidents in cyber space, which means that traditional issues related to electronic information security (confidentiality, integrity, accessibility) have been neglected, and from 2015, not enough ... attention has been paid to development, legislation, improvement of organisational structure, etc. in this field.
Full description
The purpose of the audit was to assess whether cyber security is being ensured in Lithuania. In view of this goal, we assessed whether: (1) an effective cyber security system has been set up; (2 ... ) cyber security is ensured in public establishments. During the audit, the SAI Lithuania analysed current regulation, strategic planning and management practices in the field of cyber security ... and electronic information security as well as the funds allocated and used in this area. The SAI evaluated whether the cyber security and electronic information security objectives detailed in planning documents ... ... Cyber-security is much more than preventing incidents ... SAI Lithuania determined that the issue of ensuring and increasing cyber security and resilience has not been effectively addressed at the national level. The focus has primarily been on reacting ... to and preventing incidents in cyber space, which means that traditional issues related to electronic information security (confidentiality, integrity, accessibility) have been neglected, and from 2015, not enough ... attention has been paid to development, legislation, improvement of organisational structure, etc. in this field.
Full description
National Audit Office of the Republic of Lithuania
, issued in 2015
Risk cases: 6