Cyber resilience self-reporting on auditor's radar

By

After agencies struggle to meet top four strategies.

Australia’s national auditor will consider reviewing the effectiveness of agencies assessing their own compliance with the federal government’s mandatory minimum cyber security requirements.

Cyber resilience self-reporting on auditor's radar

It follows an audit of the Immigration, Human Services, and Tax agencies' cyber resilience in March last year, which revealed that only DHS was fully compliant with the Australian Signals Directorate’s 'top four strategies to mitigate cyber security incidents'.

The top four became mandatory for agencies in April 2013, as part of their annual protective security policy framework (PSPF) self-reporting commitments.

But, as iTnews revealed last year, dozens of agencies have struggled to meet one or more of the strategies in their compliance reporting over the past two years.

The 2017 cyber resilience audit resulted in a parliamentary inquiry, which last October said it was concerned about the adoption of the strategies, despite the controls being well-recognised in and out of government.

It called on the government for all 180 corporate and non-corporate Commonwealth entities to be required to implement ASD’s revamped ‘essential eight’ cyber security strategies by June 2018.

In response to the committee’s recommendations, the national audit office has now agreed to “consider conducting an audit of the effectiveness of the self-assessment and reporting regime under the PSPF”.

However, it noted that the framework has recently been reviewed by the Attorney-General’s Department, and a revised framework was expected to be implemented in July 2018.

The audit office is currently reviewing the cyber resilience of Treasury, the National Archives and Geoscience Australia, and expects to hand down that audit in June.

It has also slated further cyber security audits for corporate and non-corporate Commonwealth entities over the next year, including the Australian Digital Health Agency’s management of cyber security risks in relation to the My Health Record.

The government is yet to formally respond to committee’s recommendations.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
cybergovernmentsecuritystrategy

Sponsored Whitepapers

Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Saviynt Simplifies GRC and Access Control for SAP and Beyond

Events

Most Read Articles

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks
Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"
SA Water plans 'once-in-a-generation' core technology uplift

SA Water plans 'once-in-a-generation' core technology uplift
Sportsbet recruits 'security champions' in shift-left strategy

Sportsbet recruits 'security champions' in shift-left strategy
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?