Cyber resilience self-reporting on auditor's radar

By on
Cyber resilience self-reporting on auditor's radar

After agencies struggle to meet top four strategies.

Australia’s national auditor will consider reviewing the effectiveness of agencies assessing their own compliance with the federal government’s mandatory minimum cyber security requirements.

It follows an audit of the Immigration, Human Services, and Tax agencies' cyber resilience in March last year, which revealed that only DHS was fully compliant with the Australian Signals Directorate’s 'top four strategies to mitigate cyber security incidents'.

The top four became mandatory for agencies in April 2013, as part of their annual protective security policy framework (PSPF) self-reporting commitments.

But, as iTnews revealed last year, dozens of agencies have struggled to meet one or more of the strategies in their compliance reporting over the past two years.

The 2017 cyber resilience audit resulted in a parliamentary inquiry, which last October said it was concerned about the adoption of the strategies, despite the controls being well-recognised in and out of government.

It called on the government for all 180 corporate and non-corporate Commonwealth entities to be required to implement ASD’s revamped ‘essential eight’ cyber security strategies by June 2018.

In response to the committee’s recommendations, the national audit office has now agreed to “consider conducting an audit of the effectiveness of the self-assessment and reporting regime under the PSPF”.

However, it noted that the framework has recently been reviewed by the Attorney-General’s Department, and a revised framework was expected to be implemented in July 2018.

The audit office is currently reviewing the cyber resilience of Treasury, the National Archives and Geoscience Australia, and expects to hand down that audit in June.

It has also slated further cyber security audits for corporate and non-corporate Commonwealth entities over the next year, including the Australian Digital Health Agency’s management of cyber security risks in relation to the My Health Record.

The government is yet to formally respond to committee’s recommendations.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
cyber governmentit security strategy
In Partnership With

Most Read Articles

MYOB floored by AWS Sydney database outage

MYOB floored by AWS Sydney database outage
Tax crackdown on IT contractors now snares non-technology businesses

Tax crackdown on IT contractors now snares non-technology businesses
Aussie Broadband predicts long wait for affordable gigabit speeds

Aussie Broadband predicts long wait for affordable gigabit speeds
Australian bank customers caught in valuation firm data breach

Australian bank customers caught in valuation firm data breach
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Cloud, AI, infosec: Is your IT strategy keeping up?
Cloud, AI, infosec: Is your IT strategy keeping up?
Automate and secure IOT for Business
Automate and secure IOT for Business
Data Science and AI Solutions for Cybersecurity
Data Science and AI Solutions for Cybersecurity
Intro to AI for Security Professionals
Intro to AI for Security Professionals
Digital Transformation: Hope, or Hype?
Digital Transformation: Hope, or Hype?

Events

Log In

Username / Email:
Password:
  |  Forgot your password?