Posts Tagged ‘Auditor’

Arizona auditors find security flaws, other problems with computer agency for state …

Friday, August 24th, 2012

PHOENIX — Auditors report finding numerous problems and shortcomings that create vulnerabilities for services provided by the main computer agency of Arizona’s state government.

The Data Center of the Department of Administration provides support for many core functions of state government, including accounting and personnel systems.

The Auditor General’s Office says it found the Data Center lacks an adequate plan to recover from disasters and has not broadly assessed security threats since 2006.

Auditors also report finding active user accounts for dozens of terminated employees, including several with remote-access privileges and one with high-level administrative privileges. The report says that could result in risk of theft or misuse of confidential information.

A response by Administration Director Scott Smith agrees with the findings and promises to implement auditors’ recommendations for improvements.

(Story distributed by The Associated Press)

Article source: http://www.therepublic.com/view/story/108b75aea36f42149b5ee2280a740abc/AZ--State-Computer

B.C. government computer networks at risk, auditor finds

Wednesday, July 11th, 2012

VICTORIA — B.C.’s auditor general is warning that an array of digital gaps in the province’s vast network of computer systems is putting the government at risk.

Auditor John Doyle released a report Tuesday that found 30 per cent of issues identified by government managers relate to information technology.

It found that sensitive information wasn’t always sufficiently protected, strong passwords weren’t always used and there were other holes that could open up agencies to fraud.

Other problems included failure to regularly back up information and the chance some organizations might not be able to identify and resolve threats on a timely basis.

Doyle says the public expects information and services to be delivered electronically, which makes IT security a “serious responsibility” for the public sector.

The report was compiled from a review of 154 letters from managers and found “weaknesses” across all areas of government computing systems.

Article source: http://www.theprovince.com/technology/government+computer+networks+risk+auditor+finds/6913607/story.html

Her Majesty’s £444m court IT system can’t even add up fines

Sunday, December 18th, 2011

The Libra magistrates’ courts case management system has contributed to the inability of HM Courts Service to provide basic financial information to support the accounts, according to a report from the National Audit Office (NAO).

The courts service uses Libra, and information supplied by local police forces’ IT systems, to provide the auditor with accounts of the revenues it collects from fines, confiscation orders and penalties. On receipt of cash, for example, the courts service uses Libra to record the payment against the person on whom the fine was imposed.

A similar system operates at the courts service’s fixed penalty offices, using information from police forces, based predominantly on the Vehicle Procedures and Fixed Penalty Office system.

Amyas Morse, head of the NAO, said: “Because of limitations in the underlying systems, HM Courts Service has not been able to provide me with proper accounting records relating to the collection of fines, confiscation orders and penalties. I have therefore disclaimed my audit opinion on the trust statement accounts.”

The auditor said the Ministry of Justice (MoJ), the courts service’s parent department, plans to look at the functionality of Libra.

The MoJ said that improvements to the accounts for fixed penalties are unlikely until the current Vehicle Procedures and Fixed Penalty Office IT system is replaced with Pentip.

Morse said: “I welcome the further steps planned by the courts service and Ministry of Justice to improve the evidence on the financial position relating to fines, confiscation orders and penalties. However, I recognize that they and other government bodies face significant challenges in improving the extent of available information and on reducing the level of outstanding debt.”

The cost of Libra was £444m, with service charges of some £10m a year. The system is now run by Fujitsu, though the original supplier, ICL, estimated the cost at £146m over 11 years when bidding for the project in May 1998.

This article was originally published at Guardian Government Computing.

Article source: http://www.theregister.co.uk/2011/12/18/court_it_fail/

Sheriff wary of unified computer system

Friday, July 29th, 2011

By Peter H. Milliken

milliken@vindy.com

YOUNGSTOWN

Two Mahoning County officials say they want the county to have a single jail-management information system, but the sheriff is concerned about protecting confidential law-enforcement data.

“The new technology will interface by creating an e-justice system,” a system for law enforcement personnel, prosecutors and judges, County Auditor Michael V. Sciortino told county commissioners Thursday.

Sciortino said he doesn’t want the county to risk losing a $300,000 U.S. Department of Justice grant it received in 2009 for this project.

The county already has broadband links between its buildings and City Hall, where municipal court is located, that will make this project possible, he said.

The system would be integrated with the Courtview computer system already used in the local courts, and it would be available to judges on their bench-top computers, Sciortino said. It would allow analysis of lengths of jail stays, inmate and criminal charges and inmate release orders.

The system would help judges make sentencing decisions, let them know when a speedy trial deadline is approaching, and help prevent unnecessarily long pretrial inmate stays that crowd the county jail, he added.

“We’re not going to have two different computer systems,” said John A. McNally IV, chairman of the county commissioners.

“I’m not in favor of a separate system that the sheriff’s department deals with and then requires the courts to deal with a separate system to monitor some of these inmate issues,” McNally said. “If it’s issues of security, those issues can be worked out,” McNally added.

The need for such a system was demonstrated by a 2006 study of the county’s criminal justice system by the National Institute of Corrections, which said the county has “an dull analytic capability” in the justice system, Sciortino said.

“The way it is proposed by the sheriff’s department to discharge this process is a stand-alone island in the justice center administering their own program. That is not what e-justice is about. That is not what this grant is about,” Sciortino said.

“I’m not going to share classified information with anybody but my department, my investigators. It’s very sensitive. When it becomes non-classified, I’ll share it with anybody else,” said Sheriff Randall A. Wellington.

The sheriff defined classified information as that which pertains to ongoing investigations.

The county already protects confidential information on adoption records and client information kept by the county’s mental-health and children services boards, said Carol McFall, chief deputy county auditor.

“There are a lot of organizations in this county who have very special information that has to be protected, and they are all under the county’s domain,” she concluded.

Article source: http://www.vindy.com/news/2011/jul/29/sheriff-wary-of-unified-computer-system/

The skeptical auditor’s guide to the cloud

Friday, July 29th, 2011

Change in IT is constant. Yet such change begs an important question: Is cloud computing really as disruptive as vendors would have you believe? Or is it just another evolution in a long string of improvements to get the job done?

Many IT auditors express genuine concerns about control and verification in the cloud — an approach whose value is driven by the sharing of resources. Whether rumor or fact, these fears are warranted. Cloud computing represents another step toward a future where fewer people manage more computers. It wasn’t too long ago that 25:1 was an acceptable ratio for the number of computers one administrator could support. Automation has compounded this number, and as the ratio rises, the number of administrators required declines.

An argument exists, however, that the opposite holds true for IT auditors. A group of people long (and inappropriately) vilified as standing in the way of new technologies, the auditor’s responsibilities actually become more valued as businesses shift services into the cloud.

There’s no better time to be an IT auditor.

The resources you own in a private cloud…
Today, three different types of cloud are commonly recognized: private, public and hybrid cloud. While different vendors use different language to describe each, the central theme is that a private cloud is built atop resources you own.

Most enterprises might already have a private cloud, perhaps without even knowing it. Many of private cloud’s basic components already exist in your data center today — servers and storage, hypervisors and hypervisor management tools, virtual machine load balancing and high availability technologies, even the self-service components that drive private cloud’s resource provisioning.

If your data center already contains these resources, it’s likely you’re auditing their configurations. You have audit plans for operating systems, applications under management and hardware configurations. What your audit program might be missing are the configurations within the virtual platform.

Organizations like the Information Systems Audit and Control Association (ISACA) and even the U.S. federal government have developed template audit plans for the virtualization technologies private cloud relies on. Look there for guidance on what makes sense for your line of business.

…And the resources you don’t own in a private cloud
Focusing on vendor technologies represents an effective starting point for private cloud. Recognizing that private cloud’s basic components — and the guidance to audit them — likely already exist should be comforting. That comfort often turns to fear once IT services leave the protected confines of the local area network.

While a private cloud is built atop resources your business owns, a public cloud delivers services atop resources you don’t. This lack of ownership very obviously introduces complexity into the auditing process. With many public cloud services, you simply can’t walk into a facility and demand to verify configurations. That’s not how services work.

Methodologies exist for auditing external services. Take the mystique out of public cloud and you’ll quickly find nothing more than an external IT service. Such a service, from an auditing requirements perspective, isn’t very different than other business services. There are auditing requirements for accountants, just as there are for financial or even marketing in some industries. In fact, the auditing discipline itself has agreed on the Statement on Auditing Standards No. 70 (SAS 70) and the new Statement on Standards for Attestation Engagements No. 16 (SSAE 16) as AICPA standards for verifying the practices of service organizations.

Ensure your public cloud provider has met the SAS 70 or SSAE 16 audit, and you’re well down the road toward verifying practices. Do the same for industry regulation requirements, such as HIPAA and PCI DSS, and you’ve taken the necessary steps in performing your due diligence.

Converting skeptics to the cloud
The auditor’s job is ensuring that ongoing practices remain in compliance. Protecting your business’ sensitive information and trusting others to do the same is absolutely important. Whether verifying first-hand the resources you own, or evaluating the verifications of others in the delivery of services, it is the skeptical IT auditor who stands to gain the most.

As the industry continues to embrace the fast-moving cloud, staying ahead of that verification becomes your most important task. And it makes your job that much more valuable.

ABOUT THE AUTHOR:
Greg Shields, Microsoft MVP, is a partner at Concentrated Technology. Get more of Greg’s Jack-of-all-trades tips and tricks at www.ConcentratedTech.com.



This was first published in July 2011

Article source: http://www.pheedcontent.com/click.phdo?i=bd9530a2bcea46d1a3a63ce33ccdbe15

WA Auditor General finds significant security vulnerabilities in government …

Wednesday, June 15th, 2011

The Western Australia Auditor General, Colin Murphy, has identified significant vulnerabilities to cyber threats in all of the agencies examined for his 2011 Information Systems Audit Report.

According to the report, “benign cyber attacks” were carried out on 15 test agencies — including the Department of the Attorney General, the Department of Education, and the Department of Health — via the internet, while USB devices containing software that would ‘phone home’ and send network-specific information across the Internet if plugged in and activated were also scattered across the agencies to test their staff.

The Auditor General’s office, which also assessed whether the 15 agencies had configured their IT systems and had supporting policies and processes in place to detect, control and reasonably respond to cyber attacks, found serious weaknesses in security.

“None of the agencies we tested had adequate systems or processes in place to detect, control or reasonably respond to a cyber attack,” the report reads.

“Only one agency detected the attacks. The failure of many agencies to detect the attacks was a particular concern given that the tools and methods we used in the tests were unsophisticated.”

The audit also found 14 of the 15 agencies tested failed to detect, prevent or respond to the office’s hostile scans of their internet sites. These scans identified numerous vulnerabilities that could be exploited to gain access to their internal networks and information.

“We accessed the internal networks of 3 agencies without detection, using identified vulnerabilities from the scans,” the report reads. “We were then in a position to read, change or delete confidential information and manipulate or shut down systems. We did not test the identified vulnerabilities at the other 12 agencies.”

The report also noted that 8 agencies plugged in and activated the USBs the Auditor General’s office had placed. These devices subsequently sent information back to the office via the Internet.

“This type of attack can provide ongoing unauthorised access to an agency network and is extremely difficult to detect once it has been established,” the report reads. “Failure to take a risk-based approach to identifying and managing cyber threats and to meet or implement good practice guidance and standards for computer security has left all 15 agencies vulnerable.”

The report further notes that the office was able to breach the security of these agencies despite the majority of them recently paying security contractors up to $75,000 to conduct penetration tests on their infrastructure.

“Some agencies were doing these tests up to 4 times a year,” the report reads. “In the absence of a broader assessment of vulnerabilities, penetration tests alone are of limited value, as the testing demonstrated.”

Article source: http://www.computerworld.com.au/article/390248/wa_auditor_general_finds_significant_security_vulnerabilities_governemnt_agencies_/

Longtop CFO, Auditor Resign; SEC Probes as Stock Halt Goes On

Tuesday, May 24th, 2011

The financial-technology company that last week became the latest Chinese stock to see its U.S.-listed shares halted said Monday that its finance chief and auditor both resigned and that the Securities and Exchange Commission has opened an inquiry into unspecified auditing matters.

Longtop Financial Technologies Ltd. said in a news release that Chief Financial Officer Derek Palaschuk submitted his resignation and that auditor Deloitte Touche Tohmatsu CPA Ltd. …

Article source: http://online.wsj.com/article/SB10001424052702304520804576341532287377102.html

Bill aims to improve transparency in TX tech fund

Friday, May 13th, 2011

AUSTIN, Texas — Gov. Rick Perry’s technology fund would be subject to more scrutiny and accountability under legislation approved by Texas senators Thursday meant to address concerns from the state auditor about the fund’s management.

The vote comes in response to statewide complaints and a lengthy report from State Auditor John Keel criticizing the governor’s office for not opening to the public decisions related to the Emerging Technology Fund and its recipients.

The fund, which awards money to universities and start-up companies with promising technology, came under fire after reports that millions went to companies with investors who were allies of the governor.

The bill by Sen. Mike Jackson, R-La Porte, would require an advisory board to file annual financial statements and report the total amount of awards given each year. The auditor’s report found that once a grant is given, there is little monitoring of how the money is spent and no one keeping tabs on the recipient’s performance.

The bill adds two members of the House and two members of the Senate to the advisory committee, with the other 13 members appointed by Perry.

The Senate legislation requires the governor’s office to annually value the state’s investments in connection with an award from the fund.

The auditor’s report also stated that there has been no consistent process for evaluating applications for grants. Jackson’s bill would require criminal history background checks, credit checks and information from the Security Exchange Commission to be considered when a company applies for money from the grant.

Minutes from committee meetings would also have to be available in a consistent way.

Jackson said he included all of the auditor’s suggestions that were possible into his bill.

“We want to make sure that above all, they are being fair, open and honest,” he said. “When everybody in the state feels comfortable that they know how and what we’re doing, they’ll be able to support the fund fully.”


Article source: http://www.chron.com/disp/story.mpl/ap/tx/7562539.html

State’s technology fund could use adult supervision

Saturday, May 7th, 2011

No one’s minding the candy store.

That’s essentially the conclusion of an 80-page report, released recently by the state auditor’s office, into the operations of the Emerging Technology Fund. That fund was created in 2005 and has doled out more than $300 million of taxpayer money since then.

The idea behind the fund, as I’ve said before, is a good one. The state provides funding for startup companies with promising technology that aren’t able to get financing elsewhere. Given the dearth of venture capital available in the state, it doesn’t seem like such a bad idea.

Sure, some of the companies that get money will fail — and some have – but if we’re serious about creating jobs and bolstering the state economy, that fund ought to be a better option for taxpayers than its sister operation, the Texas Enterprise Fund.

That pool of money is thrown at companies to get them to relocate here. They’re supposed to meet certain job creation goals, but many of them haven’t, and many of the biggest awards actually went to state universities, as I’ve written before.

Unfortunately, the Emerging Technology Fund is plagued by its own mismanagement, according to the state auditor’s findings.

The fund’s awards are supposed to be screened by a 17-member advisory board made up of tech industry volunteers. Gov. Rick Perry, Lt. Gov. David Dewhurst and House Speaker Joe Straus are supposed to approve the investments based on the board’s recommendations.

Meetings are closed

The auditor’s report found that the advisory committee has no consistent policies for approving grants. To make matters worse, the committee holds closed meetings, keeps no minutes or other documentation and has a fuzzy conflict-of-interest policy, the report found.

The auditor recommended that committee members be required to file annual financial statements and should be prohibited from investing with or being paid by companies that receive money from the fund.

That, of course, would seem like a basic procedure for a panel that recommends how taxpayer money should be spent. It’s simply stunning that 6 years into this exercise, it’s only now being suggested.

The auditor’s office also found that once a grant is made, there’s little oversight of the recipients’ performance or how the money is being spent.

In its response to the audit, Perry’s office said it would adopt some of the recommendations, but it resisted improving the transparency around the advisory committee.

It cited a “legitimate need for confidentiality” regarding some of the companies that apply for funds. It also resisted disclosing information about companies that are denied grants, saying that it could alert investors, customers and vendors about a company’s prospects for staying in business.

Protecting the confidentiality of applicants seems reasonable, but only if the oversight of the grant process is transparent and conflicts of committee members are fully disclosed.

Rules that bend

The basic problem with the Emerging Technology Fund is the same one that undermines the integrity of the Texas Enterprise Fund. The rules are too lax and too frequently bent. A couple of years ago, I wrote about how the Emerging Technology Fund was used to funnel $50 million to Texas A&M, which isn’t a startup tech company but which is the governor’s alma mater (and mine). The grant, the biggest ever awarded by the fund, was caught in a web of political relationships and a nasty power struggle over control of the school’s research budget that contributed to the ouster of A&M’s president by Perry’s cronies on the board of regents.

The Emerging Technology Fund came under fire last year after a cancer-treatment company owned by David Nance, a friend and campaign contributor of Perry’s, received $4.5 million from the fund after Nance apparently sidestepped two review panels, including the advisory board, the Austin American-Statesman reported.

With a budget shortfall forcing teachers out of work and cuts in everything from parks to indigent health care, the auditor’s report raises new questions about whether the state should be doling out corporate welfare like candy, especially when no one is minding the store.

Loren Steffy is the Chronicle’s business columnist. His commentary appears Sundays, Wednesdays and Fridays. Contact him at loren.steffy@chron.com. His blog is at http://blogs.chron.com/lorensteffy.

Article source: http://www.chron.com/disp/story.mpl/business/steffy/7554452.html

Taking accountability at the top – Austin American

Monday, May 2nd, 2011


Two top Texas officials have screwed up. Comptroller Susan Combs is acknowledging the mess she has caused and is dipping into her political money to add to the state money being spent to try to remedy the situation.

But Gov. Rick Perry, despite a state audit clearly pointing out the problems, seems less ready to acknowledge errant handling of the Texas Emerging Technology Fund that has doled out more than $342 million in grants.

Combs, who has earned a heap of blame for the problem she caused, deserves some credit for, after a false start, taking full and personal blame for her agency’s inexcusable error of posting online the personal information of 3.5 million Texans. The potential fallout from this is significant.

And Combs, whose political future rightly could be endangered by this mess, knows it.

“Let me be very blunt about this,” she told the American-Statesman. “I’m very sorry about this information exposure. I take personal responsibility for this, and I’m going to take every step to fix it.”

Initially, Combs blamed other state agencies for not submitting information in a secure format. Now, in an interview with the Houston Chronicle, she acknowledged her original statement — challenged by the other agencies — as “irrelevant.”

“We had the last clear chance to make it right and we didn’t,” Combs told the Chronicle.

In addition to previously announced plans to use state money to help protect Texans whose information was posted, Combs’ agency now is paying for a year of credit monitoring and Internet surveillance for those people. The cost to the state could hit $21 million if everyone who is eligible enrolls.

And Combs is dipping into her political funds to pay for identity restoration services for anyone whose information is misused as a result of having been posted online by her agency.

She is assuring Texans that steps have been taken to make sure this never happens again. It is a serious mistake, one that could lead Texans to decide that electing Combs is a mistake they want to make sure never happens again.

Perry’s questionable handling of the Emerging Technology Fund, created by lawmakers in 2005 to invest in technology startup companies, is well-documented in a new state auditor’s report. The study, sought by Lt. Gov. David Dewhurst, criticized the closed-door decision-making process, the lack of adequate monitoring of the investment of state dollars and the lack of reporting of the values of companies that get the money.

The problems are detailed in a 73-page report but summed up in the first sentence: “The Emerging Technology Fund should make significant improvements to promote greater transparency and accountability.”

“It is important,” the report said, “to hold recipients of funds accountable.”

In response, Perry’s office acknowledged that improvements — some in place — are needed. But there also was pushback.

“We believe that the disagreements result in large part from the (auditor’s) misunderstanding of the nature and purpose of the entities and people involved in the program and, at least in some respects, the very purposes of the program itself,” the governor’s office wrote.

The auditor, according to Perry’s staff, “discounts the legitimate need for confidentiality for some of the information” submitted by applicants. That’s “standard business practice,” the governor’s office noted, “considering the competitive and delicate nature of the emerging technology industry.”

We understand that need. But we also understand the people’s need to have as much information as possible about who gets their money. If these interests cannot be sufficiently balanced, maybe this program should be shut down.

The report noted that Perry’s office is sloppy when it comes to announcing grants and should move more quickly in reviewing required annual reports from companies that get the money through grants approved by Perry, Dewhurst and Speaker Joe Straus.

Dewhurst and others became concerned about the program after news stories detailing a secretive process that has, at times, benefited Perry political allies. In 2010, Austin businessman David Nance, a Perry friend and supporter, got a $4.5 million grant from the fund for his Convergen LifeSciences Inc. Attorney General Greg Abbott has ruled that information in the firm’s application must be released for public scrutiny. Nance has gone to court to try to prevent that release.

The auditor’s report is an important step in the right direction on the Emerging Technology Fund. So is Dewhurst’s promise to get senators to work on turning some of the suggestions into law.

Article source: http://www.statesman.com/opinion/taking-accountability-at-the-top-1447235.html