Agencies get poor marks in security audit


By Dylan Bushell-Embling
Monday, 02 July, 2018



None of the three Australian Government departments audited by the Australian National Audit Office has achieved full compliance with the Essential Eight cybersecurity measures.

The audit of Treasury, the National Archives of Australia and Geoscience Australia found that only the first of these has even achieved compliance with the mandatory Top Four of these measures.

The top four mitigation strategies, developed by the Australian Signals Directorate, involve requiring application whitelisting on desktops and servers, maintaining sound patching policies and procedures for both applications and operating systems, and effectively managing access provisions for privileged user accounts.

As the only department examined that complied with these strategies, Treasury alone was deemed to be cyber resilient.

The National Archives only complied with the requirements on application patching and privileged user access, but due to sound general ICT controls was deemed to be internally resilient.

Geoscience Australia had none of the controls in place but was working to achieve compliance with all but the application whitelisting requirement. The agency was nevertheless deemed to be vulnerable to attack.

Each of the agencies had also implemented just one of the remaining non-mandatory Essential Eight strategies — the daily backup of important data. Each had made limited progress in implementing the other three strategies — disabling untrusted Microsoft Office macros, user application hardening and implementing multifactor authentication.

Geoscience Australia and the National Archives have both agreed to the Auditor-General’s recommendation that they establish a plan and time frame to achieve compliance with the Top Four mitigation strategies.

The audit has also recommended that the Attorney-General’s Department, Department of Home Affairs and Australian Signals Directorate work together to improve compliance with the Essential Eight strategies.
