WoVG Information Security Management FrameworkVAGO Publication large

Tabled: 27 November 2013

The audit examined 11 public sector agencies and found that the policy, standards and protection mechanisms for the security of the state’s information and communications technology (ICT) systems and data have not been effectively applied. Agencies undertake only limited monitoring of suspicious internal network activity, and they do not have a capability to detect an intrusion into sensitive public sector systems.

The audit also found that if there was an external cyber attack or a cyber alert issued by an Australian Government national security agency, there would be no coordinated understanding of the threat or its impact across the state’s public sector ICT systems, because central agencies do not conduct follow up actions after a cyber alert is disseminated.

The audit further identified a number of critical- and medium-level risks related to individual agency systems that have been raised with each of those agencies through individual management letters. Agreement has been reached with each agency about what actions will be implemented and a proposed time frame for implementation.

 

 

 

 

 

 

 

 

 

 

VAGO Icon Download

Access the Report

Full report as HTML

Full report as PDF Adobe PDF (4.9 MB)

PDF of presentation

 

 

Audit Team

Paul O'Connor
Sector Director

 

Wayne Singleton

Team Leader

 

Annie Skelton
Analyst

 

Kudrat Gill
Analyst

 

Ray Winn

Engagement Quality Control Reviewer

   

 

......

Last updated on 6/26/2014