1 Algemene Rekenkamer | Postbus 20015 | 2500 EA Den Haag Data security and positions with access to confidential information.

Presentation transcript:

1 Algemene Rekenkamer | Postbus | 2500 EA Den Haag Data security and positions with access to confidential information

2 Agenda: About the audit; Audit approach; Audit findings; E-Government algorithm: Report, Cases

3 About the audit
Part of the 2011 audit into the state of central government accounts.
We performed audits at all the ministries and one departmental agency into information security (IS): quality of data protection policy; protection of data systems.
We examined positions with access to confidential information (PCI) at all the ministries.
Audit start: October 2011
Audit publication: May 2012
URL: ctions/2012/05/Data_security_and_positions_with_access_to_confidential_information

4 Audit approach IS & PCI - Questionnaire

5 Audit approach IS - Questionnaire

6 Audit findings IS – Analysing results

7 Audit findings IS - Quality of data protection policy
Most ministries and departmental agencies score badly in the following two respects:
It is not clear who is responsible for which data systems and data chains.
No regular reviews of data protection policy have been planned or performed.

8 Audit findings IS - Protection of data systems
Poor scores in the two following areas in particular:
No clear picture of the security risks associated with data systems.
The overall package of reliability requirements and security measures is not reviewed at regular intervals.

9

10 Audit approach PCI – Matching positions with actual number of security clearances ('IT audits' - Matthijs Kerkvliet, The Netherlands Court of Audit)

11 Audit findings PCI - results

12 E-Government algorithm – The form

13 E-Government algorithm – Case IS: Quality of data protection policy

14 E-Government algorithm – Case IS: Protection of data systems - Open for discussion -

15 E-Government algorithm – Case IS: Positions with access to confidential information - Open for discussion -

16 Algemene Rekenkamer | Postbus | 2500 EA Den Haag algemene-rekenkamer