Security of servers managed by the Danish Agency for Governmental IT Services
SCALE
-
-
The Danish Agency for Governmental IT Services managed 5,353 servers on behalf of 46 authorities in time of the audit. 537 of these servers were no longer supported by their developers because they have reached the end of their lifecycle.
COMPLIANCE FOCUS
-
-
international standard for information security, ISO 27001
-
-
Centre for Cyber Security recommendations
PERFORMANCE ASPECT
-
-
security of servers
-
-
quality of data operations and services
1.
Monitoring
- Requirement
The Danish Agency for Governmental IT Services has not upgraded or decommissioned servers, before the developer ceased to release security updates. Moreover, the agency’s overview of the servers is incomplete, which reduces the ability to respond quickly to cyberattacks and emerging cyberthreats.
2.
Continuity
- Preparedness
The Danish Agency for Governmental IT Services has not implemented sufficient compensatory measures to manage servers that are no longer supported by the developer The Danish Agency for Governmental IT Services have a series of measures in place to reduce the risk of cyberattacks spreading. However, there is still a risk of cyberattacks spreading between servers and between authorities.
The Danish Agency for Governmental IT Services has informed Rigsrevisionen that it is impossible for the agency to upgrade or decommission the servers because the authorities have not, as required, ensured that their administrative systems will be compatible with new servers . (…) the agency has not established the necessary collaboration with the authorities to facilitate timely upgrading or decommissioning.
Code (gexf) to continue analysis with GephiTerminology graph
