Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Algemene Rekenkamer | Postbus 20015 | 2500 EA Den Haag Data security and positions with access to confidential information.

Published byAndra Leonard Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Algemene Rekenkamer | Postbus 20015 | 2500 EA Den Haag Data security and positions with access to confidential information."— Presentation transcript:

1 1 Algemene Rekenkamer | Postbus 20015 | 2500 EA Den Haag Data security and positions with access to confidential information

2 2 Agenda About the audit Audit approach Audit findings E-Government algorithm: Report Cases Titel van de presentatie | Datum

3 3 About the audit Part of the 2011 audit into the state of central government accounts We performed audits at all the ministries and one departmental agency into information security (  IS): Quality of data protection policy; Protection of data systems. We examined positions with access to confidential information at all the ministries. (  PCI) Audit start: October 2011 Audit publication: May 2012 URL: http://www.courtofaudit.nl/english/Publications/Audits/Introdu ctions/2012/05/Data_security_and_positions_with_access_to_c onfidential_information http://www.courtofaudit.nl/english/Publications/Audits/Introdu ctions/2012/05/Data_security_and_positions_with_access_to_c onfidential_information

4 4 Audit approach IS & PCI - Questionnaire

5 5 Audit approach IS - Questionnaire

6 6 Audit findings IS – Analysing results

7 7 Audit findings IS - Quality of data protection policy Most ministries and departmental agencies score badly in the following two respects: It is not clear who is responsible for which data systems and data chains. No regular reviews of data protection policy have been planned or performed.

8 8 Audit findings IS - Protection of data systems Poor scores in the two following areas in particular: No clear picture of the security risks associated with data systems; The overall package of reliability requirements and security measures is not reviewed at regular intervals.

9 9

10 10 'IT audits' - Matthijs Kerkvliet, The Netherlands Court of Audit 10/27 Audit approach PCI – Matching positions with actual number of security clearances ## == √ ##

11 11 Audit findings PCI - results

12 12 E-Government algorithm – The form

13 13 E-Government algorithm – Case IS: Quality of data protection policy

14 14 E-Government algorithm – Case IS: Protection of data systems - Open for discussion -

15 15 E-Government algorithm – Case IS: Positions with access to confidential information - Open for discussion -

16 16 Algemene Rekenkamer | Postbus 20015 | 2500 EA Den Haag www.rekenkamer.nl @rekenkamer www.linkedin.com/company/ algemene-rekenkamer

Download ppt "1 Algemene Rekenkamer | Postbus 20015 | 2500 EA Den Haag Data security and positions with access to confidential information."

Similar presentations

Tokyo, May 2008ERP / SAP in Public Administration, 17th Meeting of the IINTOSAI Standing Committee on IT Audit 1 SAP/ERP in Public Administration 17th.

Tokyo, May 2008ERP / SAP in Public Administration, 17th Meeting of the IINTOSAI Standing Committee on IT Audit 1 SAP/ERP in Public Administration 17th.
The JustPeople Model Making it work for you. The JustPeople model: How does it work? Why does it work? How could it work for you?

The JustPeople Model Making it work for you. The JustPeople model: How does it work? Why does it work? How could it work for you?
Funded by European Commission Andreas Hermsdorf / pixelio.de Toolbox Workshop: Cloud Security Scorecard.

Funded by European Commission Andreas Hermsdorf / pixelio.de Toolbox Workshop: Cloud Security Scorecard.
ISA 562 Information System Security

ISA 562 Information System Security
Dr Igors Ludboržs Member of the European Court of Auditors (ECA) INTOSAI Working Group on Public Debt Helsinki, 11 September 2012.

Dr Igors Ludboržs Member of the European Court of Auditors (ECA) INTOSAI Working Group on Public Debt Helsinki, 11 September 2012.
1/03/09 De 89 à 98. 1/03/09 De 89 à 98 1/03/09 De 89 à 98.

1/03/09 De 89 à 98. 1/03/09 De 89 à 98 1/03/09 De 89 à 98.
1 Karel Uhlir, Deputy Director – IT dep.

1 Karel Uhlir, Deputy Director – IT dep.
Linda Bounds Vice President of Financial Services.

Linda Bounds Vice President of Financial Services.
Asset Safety Risk Fez, Morocco 25 April 2012. © 2012 Thomas Murray Ltd. Page 2 PRIVATE AND CONFIDENTIAL Thomas Murray’s definition: ‘The risk that assets.

Asset Safety Risk Fez, Morocco 25 April © 2012 Thomas Murray Ltd. Page 2 PRIVATE AND CONFIDENTIAL Thomas Murray’s definition: ‘The risk that assets.
9 July 2008Evaluation of audit of PIFC systems1 Workshop on audit/evaluation of Public Internal Financial Control Systems (PIFC) Jurrie Vos.

9 July 2008Evaluation of audit of PIFC systems1 Workshop on audit/evaluation of Public Internal Financial Control Systems (PIFC) Jurrie Vos.
Audit Programme. Audit Assertions  As part of the planning stage, auditors need to prepare audit tests to test the account areas.  To assist the auditors.

Audit Programme. Audit Assertions  As part of the planning stage, auditors need to prepare audit tests to test the account areas.  To assist the auditors.
Isle of Wight Local Safeguarding Children Board Roles And Responsibilities.

Isle of Wight Local Safeguarding Children Board Roles And Responsibilities.
Development of the National Registries for GHG in the Czech Republic IREAS, Institute for Structural Policy Bonn, June 7, 2003 Eva Snajdrova.

Development of the National Registries for GHG in the Czech Republic IREAS, Institute for Structural Policy Bonn, June 7, 2003 Eva Snajdrova.
Audit Committee 14 April 2011 Project Management: Appendix 1 Presentation to Members.

Audit Committee 14 April 2011 Project Management: Appendix 1 Presentation to Members.
CIO Training Model Pravit Khaemasunun College of Innovation Thammasat University.

CIO Training Model Pravit Khaemasunun College of Innovation Thammasat University.
1 Algemene Rekenkamer | Postbus 20015 | 2500 EA Den Haag Data security and positions with access to confidential information.

1 Algemene Rekenkamer | Postbus | 2500 EA Den Haag Data security and positions with access to confidential information.
1 Algemene Rekenkamer | Postbus 20015 | 2500 EA Den Haag Audit of Public Private Partnerships Introduction and international Experiences Freek Hoek, Netherlands.

1 Algemene Rekenkamer | Postbus | 2500 EA Den Haag Audit of Public Private Partnerships Introduction and international Experiences Freek Hoek, Netherlands.
Financial Conglomerates, What are the Inherent Risks? 2006 CIAB Conference Port-of-Spain, Trinidad & Tobago November 16, 2006 Thordur Olafsson, CARTAC.

Financial Conglomerates, What are the Inherent Risks? 2006 CIAB Conference Port-of-Spain, Trinidad & Tobago November 16, 2006 Thordur Olafsson, CARTAC.
Private and Confidential. Levels of Identity Verification Is this person who they claim to be? Knowledge based Authentication Is this a real identity?

Private and Confidential. Levels of Identity Verification Is this person who they claim to be? Knowledge based Authentication Is this a real identity?
Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.

Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.

Similar presentations

Ads by Google