Australian government agencies “at risk”

According to the article by Dahna McConnachie at, Australian agencies fail to meet information security expectations.

The recent Australian National Audit Office report showed that the agencies “had not implemented effective policies, practices and processes to ensure their IT security policy met with government standards. Only two agencies could demonstrate suitable processes to assess system compliance with their IT security policy and government requirements as well as processes for managing exceptions and variations”.

Australian Computer Society Vice President Kumar Parakala said the audit findings are of concern. “IT security breaches can in fact have greater set-backs to organizations than physical security breaches.”

“Ideally, information security should be a part of our working lives, just like locking the front door when we leave the house in the morning. We should not be afraid, we should be aware of the consequences of our actions and inactions.”

The audit identified a number of opportunities for further improvement in agencies’ policies and procedures relating to IT security management practices, including:

  • “improving the content and processes for developing and maintaining IT security policy alignment with organizational risk management processes;
  • ensuring a regular process exists within the IT security control framework to identify gaps between an agency IT environment and Australian government expectations;
  • ensuring policies clearly identify the physical and environmental security controls and standards for managing IT equipment;
  • ensuring performance reporting of network security practice is designed to make sure that security controls are adequately addressing IT security risks;
  • and ensuring standards exist and are applied for the use of audit trails”.
  • This blog is run by the authors of FindProtected.
    FindProtected is an effective security program that allows you to search your network for password protected files. With FindProtected, you can properly identify protected files and relocate them if necessary.

    Leave a Reply