Select Page

Audit: Queensland government cyber defences fail ethical hack test | iTnews

Audit: Queensland government cyber defences fail ethical hack test | iTnews

Australian Information Security Audit Report October 02 2019

Queensland government cyber defences fail ethical hack test.

Sensitive information accessed with relative ease.

Reported in: iTnews

Ethical hackers from Queensland’s Audit Office were able to exploit vulnerabilities in the IT systems of three state government entities to access sensitive information during recent cyber security testing.

“The fact that our consultants successfully compromised all three entities’ ICT environments and could access their sensitive or non-public data demonstrates there were gaps in their mitigation strategies,” the report states.

On 1 October 2018, in policy requirement three of the information security policy, the Queensland Government Chief Information Office made the Essential Eight mitigation strategies a minimum security requirement. For this audit, we focused on what the ACSC calls the ‘Top 4’ strategies, because it has stated that, if organisations effectively implemented these, they would mitigate at least 85 per cent of cyber intrusions.

The Top 4 mitigation strategies include:

  • application whitelisting
  • patching applications
  • restricting administrative privileges
  • patching operating systems

The audit office said none of the entities had implemented effectively.

About The Author

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

More Australian News

Receive Weekly Australian News and Monthly Incident Review Emails

No advertisements, marketing, sales, or unsolicited emails. Your email address is ONLY used to send the publications listed above.

* indicates required


Shares
Share This