Cyber resilience self-reporting on auditor's radar

By

After agencies struggle to meet top four strategies.

Australia’s national auditor will consider reviewing the effectiveness of agencies assessing their own compliance with the federal government’s mandatory minimum cyber security requirements.

Cyber resilience self-reporting on auditor's radar

It follows an audit of the Immigration, Human Services, and Tax agencies' cyber resilience in March last year, which revealed that only DHS was fully compliant with the Australian Signals Directorate’s 'top four strategies to mitigate cyber security incidents'.

The top four became mandatory for agencies in April 2013, as part of their annual protective security policy framework (PSPF) self-reporting commitments.

But, as iTnews revealed last year, dozens of agencies have struggled to meet one or more of the strategies in their compliance reporting over the past two years.

The 2017 cyber resilience audit resulted in a parliamentary inquiry, which last October said it was concerned about the adoption of the strategies, despite the controls being well-recognised in and out of government.

It called on the government for all 180 corporate and non-corporate Commonwealth entities to be required to implement ASD’s revamped ‘essential eight’ cyber security strategies by June 2018.

In response to the committee’s recommendations, the national audit office has now agreed to “consider conducting an audit of the effectiveness of the self-assessment and reporting regime under the PSPF”.

However, it noted that the framework has recently been reviewed by the Attorney-General’s Department, and a revised framework was expected to be implemented in July 2018.

The audit office is currently reviewing the cyber resilience of Treasury, the National Archives and Geoscience Australia, and expects to hand down that audit in June.

It has also slated further cyber security audits for corporate and non-corporate Commonwealth entities over the next year, including the Australian Digital Health Agency’s management of cyber security risks in relation to the My Health Record.

The government is yet to formally respond to committee’s recommendations.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
cybergovernmentsecuritystrategy

Sponsored Whitepapers

Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks

Events

Most Read Articles

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls
India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?