142
results found in
25 ms
Page 14
of 15
Information Technology Cost Estimation Agencies Need to Address Significant Weakness in Policies and Practices
To estimate reliable cost for the sucess of an IT program by providing the basis for the informed decision making and realistic budget information. To assess the extent to which selected departments ... and agencies have appropriately implement costestimating policies an procedures(four caracteristics of a reliable cost estimation: comprehensive, well-documented, accurate, credible). ... IT cost estimation ... Check out what may go wrong with the information technology cost estimation. Results of the US GAO audit can help to identify high risk areas: comprehensiveness of estimations, their documentation ... , lack of adequacy and inadequate implementation.
Full description
To estimate reliable cost for the sucess of an IT program by providing the basis for the informed decision making and realistic budget information. To assess the extent to which selected departments ... and agencies have appropriately implement costestimating policies an procedures(four caracteristics of a reliable cost estimation: comprehensive, well-documented, accurate, credible). ... IT cost estimation ... Check out what may go wrong with the information technology cost estimation. Results of the US GAO audit can help to identify high risk areas: comprehensiveness of estimations, their documentation ... , lack of adequacy and inadequate implementation.
Full description
General Accountability Office
, issued in 2012
Risk cases: 4
Information security work at nine agencies
Difficulties in achieving appropriate IT security Together with the Swedish NAO we assume that the picture that emerges at the agencies audited applies also to most of the other agencies in the public administration. The information security work is not given high enough priority in relation to the risks that exist. This applies to both the Government, which should have been clearer in its directions to agencies on this matter, and to agency managements, which did not give priority to the work of information security to the extent required. Much indicates that it is difficult for many agencies to achieve an appropriate level of information security work.
Full description
Difficulties in achieving appropriate IT security Together with the Swedish NAO we assume that the picture that emerges at the agencies audited applies also to most of the other agencies in the public administration. The information security work is not given high enough priority in relation to the risks that exist. This applies to both the Government, which should have been clearer in its directions to agencies on this matter, and to agency managements, which did not give priority to the work of information security to the extent required. Much indicates that it is difficult for many agencies to achieve an appropriate level of information security work.
Full description
Swedish National Audit Office
, issued in 2016
Risk cases: 4
Parallel Audit on Biometric Passports - Overall Results (anonymised)
A biometric passport (or ePassport) contains biometric information which serves to authenticate the identity of travellers. Biometric passport management is the process of establishing ... and implementing the regulation on standards for security features and biometrics in passports and travel documents issued by the member states. The aim is to develop and maintain efficient and secure biometric ... passport production procedures (see page 5). ... EUROSAI ITWG: Parallel Audit on Biometric Passports ... Swiss SAI summed up results of audits concluded in seven countries (Belgium, Latvia, Lithuania, Norway, Portugal, Switzerland). The evaluation of the reported results showed that the overall passport ... process is generally under control while a couple of high-risk findings were identified in the non-process-specific assessments. In the non-process-specific assessments, most of the countries found ... deficiencies and weaknesses related to the IS/IT system and the IT management. Medium risks have been identified in the area of laws and regulations, cost-benefit realisation and transparency, as well
Full description
A biometric passport (or ePassport) contains biometric information which serves to authenticate the identity of travellers. Biometric passport management is the process of establishing ... and implementing the regulation on standards for security features and biometrics in passports and travel documents issued by the member states. The aim is to develop and maintain efficient and secure biometric ... passport production procedures (see page 5). ... EUROSAI ITWG: Parallel Audit on Biometric Passports ... Swiss SAI summed up results of audits concluded in seven countries (Belgium, Latvia, Lithuania, Norway, Portugal, Switzerland). The evaluation of the reported results showed that the overall passport ... process is generally under control while a couple of high-risk findings were identified in the non-process-specific assessments. In the non-process-specific assessments, most of the countries found ... deficiencies and weaknesses related to the IS/IT system and the IT management. Medium risks have been identified in the area of laws and regulations, cost-benefit realisation and transparency, as well
Full description
Swiss Federal Audit Office
, issued in 2015
Risk cases: 4
Use of European Union funds in promoting information society
The National Audit Office audited the use of the aid allocated from the structural funds of the European Union (hereinafter EU aid) in the information technology (IT) area of the state. The National ... Audit Office checked whether the distribution of funds for the development of the information society has been balanced and transparent, and whether the distribution of aid is adequately supervised ... . Balanced distribution of aid means that development of the information society entails paying attention (and ideally providing proportional funding) to information systems aimed at the public sector, private ... Riigikontroll auditeeris Euroopa Liidu struktuurifondidest ehk tõukefondidest eraldatud toetuste (edaspidi ELi toetusraha) kasutamist riigi infotehnoloogia (IT) valdkonnas. Uuriti, kas raha jagamine ... infoühiskonna arendamise eesmärgil on olnud tasakaalustatud ja läbipaistev ning kas toetuste jagamise üle tehakse piisavat järelevalvet. Riigikontrolli hinnangul on riik infoühiskonna arengukava rakendamiseks ... toetuste jagamisel keskendunud liiga riigile suunatud IT-arenduste rahastamisele ning jätnud tagaplaanile ettevõtete konkurentsivõime parandamisele ja kolmandale sektorile suunatud IT arendusprojektide ... Balance needed for success of Information Society Development Plan ... 50% of aid has been granted primarily for the development of information systems of state agencies, i.e. as much as the other two target groups - business and citizens - put together. Information ... , true suppervision and measurement of progress are listed by the Estonian SAI as next key elements necessary to keep balanced development of strategy for Information Society.
Full description
The National Audit Office audited the use of the aid allocated from the structural funds of the European Union (hereinafter EU aid) in the information technology (IT) area of the state. The National ... Audit Office checked whether the distribution of funds for the development of the information society has been balanced and transparent, and whether the distribution of aid is adequately supervised ... . Balanced distribution of aid means that development of the information society entails paying attention (and ideally providing proportional funding) to information systems aimed at the public sector, private ... Riigikontroll auditeeris Euroopa Liidu struktuurifondidest ehk tõukefondidest eraldatud toetuste (edaspidi ELi toetusraha) kasutamist riigi infotehnoloogia (IT) valdkonnas. Uuriti, kas raha jagamine ... infoühiskonna arendamise eesmärgil on olnud tasakaalustatud ja läbipaistev ning kas toetuste jagamise üle tehakse piisavat järelevalvet. Riigikontrolli hinnangul on riik infoühiskonna arengukava rakendamiseks ... toetuste jagamisel keskendunud liiga riigile suunatud IT-arenduste rahastamisele ning jätnud tagaplaanile ettevõtete konkurentsivõime parandamisele ja kolmandale sektorile suunatud IT arendusprojektide ... Balance needed for success of Information Society Development Plan ... 50% of aid has been granted primarily for the development of information systems of state agencies, i.e. as much as the other two target groups - business and citizens - put together. Information ... , true suppervision and measurement of progress are listed by the Estonian SAI as next key elements necessary to keep balanced development of strategy for Information Society.
Full description
National Audit Office of Estonia
, issued in 2012
Risk cases: 2
Cost-intensive data centres stood idle for years
Idle data centres As found by the German SAI, some of costly Federal data centres stood largely idle. The Ministry failed to adequately assess the project risks. The Ministry needs to avoid similar shortcomings in the proposed federal IT consolidation project.
Full description
Idle data centres As found by the German SAI, some of costly Federal data centres stood largely idle. The Ministry failed to adequately assess the project risks. The Ministry needs to avoid similar shortcomings in the proposed federal IT consolidation project.
Full description
Bundesrechnungshof
, issued in 2016
Risk cases: 1
Open Government Data - Are all exceptions to the principle of cost-free access and reuse legitimate?
The United Kingdom, a country seen, like the United States, as a pioneer in open public data, has estimated at £6.8bn (€7,9bn) the revenue in 2010 and 2011 generated for British society by open ... public data, of which £5bn (€5.8bn) is profit. As an example, a start-up has highlighted the existence of areas in which massive savings can be made by analysing prescriptions of patented drugs ... and the corresponding generics.<br/> Such possibilities are not beyond reach for France, which is not only deemed to be among the pioneers but also one of the countries making the most rapid progress in this domain ... ... Open data strategy should decide the costs problem ... French Cour des comptes presents analysis on implementation of the open data practice across the administration. Massive savings are expected, when public access to large amounts of highquality data ... is made easy. France is among the pioneers and countries making the most rapid progress in this domain. Charges for the reuse of the public information has been identified as the main problem.
Full description
The United Kingdom, a country seen, like the United States, as a pioneer in open public data, has estimated at £6.8bn (€7,9bn) the revenue in 2010 and 2011 generated for British society by open ... public data, of which £5bn (€5.8bn) is profit. As an example, a start-up has highlighted the existence of areas in which massive savings can be made by analysing prescriptions of patented drugs ... and the corresponding generics.<br/> Such possibilities are not beyond reach for France, which is not only deemed to be among the pioneers but also one of the countries making the most rapid progress in this domain ... ... Open data strategy should decide the costs problem ... French Cour des comptes presents analysis on implementation of the open data practice across the administration. Massive savings are expected, when public access to large amounts of highquality data ... is made easy. France is among the pioneers and countries making the most rapid progress in this domain. Charges for the reuse of the public information has been identified as the main problem.
Full description
Cour des comptes
, issued in 2013
Risk cases: 1
Cyber Attacks: Securing Agencies’ICT Systems
Cyber crime is an international problem, and it is estimated that in 2012, 5.4 million Australians fell victim to such crimes, with an estimated cost to the economy of $1.65 billion ... . In the government sector, the Australian Signals Directorate (ASD)3 has estimated that between January and December 2012, there were over 1790 security incidents against Australian Government agencies. Of these, 685 ... were considered serious enough to warrant a Cyber Security Operations Centre response. <br/> The protection of Australian Government systems and information from unauthorised access and use is a key ... ... Cyber-security strategy needs consistent implementation and periodic reviews ... List of 35 mitigation controls against cyber intrusions are a basic tool of information security strategy of the Australian Government. Top four are: 1. application whitelisting, 2. patching ... application, 3. patching operating systems, 4. minimising administrative privileges. Analysis by the ANAO helps to fill gaps and to direct next steps.
Full description
Cyber crime is an international problem, and it is estimated that in 2012, 5.4 million Australians fell victim to such crimes, with an estimated cost to the economy of $1.65 billion ... . In the government sector, the Australian Signals Directorate (ASD)3 has estimated that between January and December 2012, there were over 1790 security incidents against Australian Government agencies. Of these, 685 ... were considered serious enough to warrant a Cyber Security Operations Centre response. <br/> The protection of Australian Government systems and information from unauthorised access and use is a key ... ... Cyber-security strategy needs consistent implementation and periodic reviews ... List of 35 mitigation controls against cyber intrusions are a basic tool of information security strategy of the Australian Government. Top four are: 1. application whitelisting, 2. patching ... application, 3. patching operating systems, 4. minimising administrative privileges. Analysis by the ANAO helps to fill gaps and to direct next steps.
Full description
The Australian National Audit Office
, issued in 2014
Risk cases: 3
Management of Police Information Resources
Police tasks of the necessary data are processed departmental registers, information systems, automated data processing systems and networks where information is stored, processed and transferred ... to the classified information. The police department has all of these information resources, so the audit focused on the activities and actions of the Department to ensure planning and organizing of the recourses ... , monitoring, evaluation and coordination and other aspects of registers and IS strategic management. The audited period was 2012-2014. For the analysis, there were used previous data and data of 2015 ... ... Fundamentals of IT organisation ... Review by SAI Lithuania makes readers aware that nowadays it is difficult to develop a larger IT system without whole conceptual infrastracture: planning composed into strategy of the organisation ... and well understood architecture of information. Well functioning IT management structures, which on the other hand may sound trivial, were proved here as the key to success.
Full description
Police tasks of the necessary data are processed departmental registers, information systems, automated data processing systems and networks where information is stored, processed and transferred ... to the classified information. The police department has all of these information resources, so the audit focused on the activities and actions of the Department to ensure planning and organizing of the recourses ... , monitoring, evaluation and coordination and other aspects of registers and IS strategic management. The audited period was 2012-2014. For the analysis, there were used previous data and data of 2015 ... ... Fundamentals of IT organisation ... Review by SAI Lithuania makes readers aware that nowadays it is difficult to develop a larger IT system without whole conceptual infrastracture: planning composed into strategy of the organisation ... and well understood architecture of information. Well functioning IT management structures, which on the other hand may sound trivial, were proved here as the key to success.
Full description
National Audit Office of the Republic of Lithuania
, issued in 2015
Risk cases: 4
Is Cybercrime Combated Effectively
Good coordination needed to fight cybercrime SAI Lithuania noticed that with the growing amount of cybercrimes, the society must be prepared to recognise the threats of cybercrime and be able to protect itself from them. There is a number of forces capable of preventing and investigating this type of crime, but auditors identified shortcomings in cybercrime prevention and investigation processes, starting from lack of common taxonomy and criteria.
Full description
Good coordination needed to fight cybercrime SAI Lithuania noticed that with the growing amount of cybercrimes, the society must be prepared to recognise the threats of cybercrime and be able to protect itself from them. There is a number of forces capable of preventing and investigating this type of crime, but auditors identified shortcomings in cybercrime prevention and investigation processes, starting from lack of common taxonomy and criteria.
Full description
National Audit Office of the Republic of Lithuania
, issued in 2020
Risk cases: 6
The protection of research data at the Danish universities
The protection of research data at the Danish universities It is Rigsrevisionen’s assessment that the five largest universities are not adequately protecting their research data against unknown IT equipment. As a result, foreign actors may relatively easy gain unauthorized access to the universities’ research data.This is not considered satisfactory by Rigsrevisionen. The study shows that the five largest universities have defined guidelines for researchers’ use of software and hardware centrally, but that they have failed to centralise efforts to maintain a satisfactory level of security for research data. This is due mainly to the fact that, at some universities, researchers are allowed to bring their own devices,and at all the universities, researchers are allowed to have local administrator privileges, which gives them access to install software. Additionally, all five universities know of incidents where unknown hardware has been connected to their network.
Full description
The protection of research data at the Danish universities It is Rigsrevisionen’s assessment that the five largest universities are not adequately protecting their research data against unknown IT equipment. As a result, foreign actors may relatively easy gain unauthorized access to the universities’ research data.This is not considered satisfactory by Rigsrevisionen. The study shows that the five largest universities have defined guidelines for researchers’ use of software and hardware centrally, but that they have failed to centralise efforts to maintain a satisfactory level of security for research data. This is due mainly to the fact that, at some universities, researchers are allowed to bring their own devices,and at all the universities, researchers are allowed to have local administrator privileges, which gives them access to install software. Additionally, all five universities know of incidents where unknown hardware has been connected to their network.
Full description
National Audit Office of Denmark
, issued in 2018
Risk cases: 3