Australian Information Security Audit Report August 17 2019

School children’s data exposed to cyber security threats due to education department oversight.

The confidential records of children and teachers have been left vulnerable to cyber security attacks and data mismanagement due to departmental oversight in the Northern Territory Government, a report from the auditor general’s office has revealed.
Reported in: ABC News (Australia)

The Student Administration Management System (SAMS) used by the NT Department of Education was shown in an audit to have limited guidelines around user access and a “lack of comprehensive security monitoring” since its roll out in 2017.

The NT auditor general’s report detailed how the centrally hosted database had a lack of user governance processes, a seemingly “excessive” amount of administration accounts, and there were a number of terminated staff members who could have retained access to the system.