Select Page

Audit: Queensland government cyber defences fail ethical hack test | iTnews

Posted by | Oct 2, 2019 | , , , , | 0 |

Audit: Queensland government cyber defences fail ethical hack test | iTnews

Australian Information Security Audit Report October 02 2019

Queensland government cyber defences fail ethical hack test.

Sensitive information accessed with relative ease.

Reported in: iTnews

Ethical hackers from Queensland’s Audit Office were able to exploit vulnerabilities in the IT systems of three state government entities to access sensitive information during recent cyber security testing.

“The fact that our consultants successfully compromised all three entities’ ICT environments and could access their sensitive or non-public data demonstrates there were gaps in their mitigation strategies,” the report states.

On 1 October 2018, in policy requirement three of the information security policy, the Queensland Government Chief Information Office made the Essential Eight mitigation strategies a minimum security requirement. For this audit, we focused on what the ACSC calls the ‘Top 4’ strategies, because it has stated that, if organisations effectively implemented these, they would mitigate at least 85 per cent of cyber intrusions.

The Top 4 mitigation strategies include:

  • application whitelisting
  • patching applications
  • restricting administrative privileges
  • patching operating systems

The audit office said none of the entities had implemented effectively.

Source: Qld govt cyber defences fail ethical hack test

Audit Report: Managing cyber security risks Report 3: 2019–20 

Cyber defences no match for hackers of Queensland government entities | Brisbane Times

Rate:

About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.

Related Posts

Incident: NSW Education department hit by cyber attack | iTnews

Incident: NSW Education department hit by cyber attack | iTnews

July 8, 2021

Incident: Officer used police computer network to stalk dozens of potential Tinder dates | ABC News Australia

Incident: Officer used police computer network to stalk dozens of potential Tinder dates | ABC News Australia

February 1, 2019

Incident: Queensland minister stood down over email scandal | iTnews

Incident: Queensland minister stood down over email scandal | iTnews

July 24, 2017

Incident: Data Breach At Adelaide’s Womens and Childrens Hospital Exposed Children’s Records Online | Hacking News

Incident: Data Breach At Adelaide’s Womens and Childrens Hospital Exposed Children’s Records Online | Hacking News

August 5, 2018

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

More Australian News

View my Flipboard Magazine.

Weekly Australian News and Monthly Incident Review Emails

No advertisements, marketing, sales, or unsolicited emails. Your email address is ONLY used to send the publications listed above.

* indicates required


Shares
Share This