Gov should seek 'external assurance' of cyber security maturity

Agency self-assessments are not enough.

The government has been asked to consider implementing “a robust external assurance process” on agency self-assessments of cyber security maturity.

A committee examining audited financial statements of agencies made the recommendation yesterday [pdf], saying it was important for the government to be “aware of the true situation in relation to public sector cyber security”.

The committee backed concerns raised by the Australian National Audit Office (ANAO) about a “persistent optimism bias” in agencies’ self-assessed maturity levels.

It believed there was some “likelihood that agencies understate the true picture of the vulnerabilities that may exist”.

It also said that persistent issues, “particularly failures to terminate user access appropriately … cannot be allowed to continue year-on-year without further mitigations given the escalating cyber security threat to the Commonwealth.”

The committee concluded there is a need for “a robust external assurance process to provide government confidence that it has an accurate picture of the cyber security capabilities” of agencies.

“The Auditor-General has identified a persistent optimism bias in how agencies self-report their cyber security compliance,” committee chair Julian Hill said in a statement.

“This issue has gone on for too long, and it’s time [the] government considers implementing an assurance regime on agencies’ self-reporting on cyber security compliance. 

“Agencies should not be able to disguise the true situation from the government in relation to public sector cyber security vulnerabilities.”

Similar questions have also been posed in NSW, where self-assessments aren’t audited for accuracy.

Copyright © iTnews.com.au. All rights reserved.