We plan to determine whether selected agencies have implemented effective controls in their public cloud computing platforms.
Why this is important
Cybersecurity risks in Victoria are real and growing. DPC estimates that someone tries to gain unauthorised access to Victoria's network every 45 seconds.
Modern cloud-based technology provides an opportunity to harness threat hunting capability, security knowledge and productivity savings. Yet many agencies do not use this technology or its security functions.
Local and international data shows that while cyber-attacks continue to increase, proven and effective controls can prevent most of them. For example, the Australian Cyber Security Centre estimates that if agencies using Microsoft 365 implemented multi-factor authentication, it would mitigate 99.5 per cent of their cyber risk for that service.
A successful attack on Victorian government agencies could be costly and damaging to both individuals and government. It is important that agencies take steps to reduce the likelihood of this occurring.
Who we plan to examine
In this reasonable assurance performance audit, we propose to scope in Cenitex, DELWP, DET, DH, DFFH, DJCS, DJPR, DoT, DPC and DTF.