3 Oversight and coordination of information security threats

Read more about 3 Oversight and coordination of information security threats

At a glance

Background

The Department of State Development, Business and Innovation (DSDBI) receives cyber alerts from Australian Government agencies and distributes them to relevant Victorian agencies.

Agencies are responsible for registering their internet protocol (IP) addresses with the regional registrar. The Australian Signals Directorate and other agencies use this registry to identify operators of networks facing a potential cyber threat.

2 Appropriateness of policy direction and guidance

Read more about 2 Appropriateness of policy direction and guidance

At a glance

Background

Victoria's information security policy, standards and processes are aligned with the Australian Government's information security frameworks.

Inner Whole-of-Victorian-Government (WoVG) agencies are required to comply with these standards by implementing their own information security management framework (ISMF) and reporting on their information security performance annually.

1 Background

Read more about 1 Background

1.1 Information security overview

Information and communications technology (ICT) has fundamentally changed the way that the public sector operates.

Today, the government and public sector relies heavily on ICT to effectively deliver services to the Victorian community and to efficiently manage its own internal activities.

However, ICT systems have inherent and significant risks, and external and internal threats to information security and privacy are increasing.

Audit summary

Read more about Audit summary

Background

Information security is critical to ensure the confidentiality, integrity and availability of public sector data, information and services.

Security risks for information and communications technology (ICT) systems have significantly increased in recent years. Around the world, there have been unprecedented and escalating external threats to information security for both public and private sector ICT systems, commonly referred to as cyber threats.

WoVG Information Security Management Framework: Message

Read more about WoVG Information Security Management Framework: Message

Ordered to be printed

VICTORIAN GOVERNMENT PRINTER March 2013

PP No 281, Session 2010–13

WoVG Information Security Management Framework

Body

This audit examined whether information security policy and standards have been appropriately implemented across whole of Victorian government agencies.

Appendix E. Audit Act 1994 section 16— submissions and comments

Read more about Appendix E. Audit Act 1994 section 16— submissions and comments

In accordance with section 16A and 16(3) of the Audit Act 1994 a copy of this report, or relevant extracts from the report, was provided to the Treasurer and all relevant agencies with a request for submissions or comments.

The submissions and comments provided are not subject to audit nor the evidentiary standards required to reach an audit conclusion. Responsibility for the accuracy, fairness and balance of those comments rests solely with the agency head.

Responses were received as follows:

Appendix D. Glossary

Read more about Appendix D. Glossary

Accountability

Responsibility of public sector entities to achieve their objectives, with regard to reliability of financial reporting, effectiveness and efficiency of operations, compliance with applicable laws, and reporting to interested parties.

Acquisition

Establishing control of an asset, undertaking the risks, and receiving the rights to future benefits, as would be conferred with ownership, in exchange for the cost of acquisition.