WoVG Information Security Management FrameworkVAGO Publication large

Tabled: 27 November 2013

The audit examined 11 public sector agencies and found that the policy, standards and protection mechanisms for the security of the state’s information and communications technology (ICT) systems and data have not been effectively applied. Agencies undertake only limited monitoring of suspicious internal network activity, and they do not have a capability to detect an intrusion into sensitive public sector systems.

The audit also found that if there was an external cyber attack or a cyber alert issued by an Australian Government national security agency, there would be no coordinated understanding of the threat or its impact across the state’s public sector ICT systems, because central agencies do not conduct follow up actions after a cyber alert is disseminated.

The audit further identified a number of critical- and medium-level risks related to individual agency systems that have been raised with each of those agencies through individual management letters. Agreement has been reached with each agency about what actions will be implemented and a proposed time frame for implementation.











VAGO Icon Download

Access the Report

Full report as HTML

Full report as PDF Adobe PDF (4.9 MB)

PDF of presentation



Audit Team

Paul O'Connor
Sector Director


Wayne Singleton

Team Leader


Annie Skelton


Kudrat Gill


Ray Winn

Engagement Quality Control Reviewer




Last updated on 31/08/2016