Australian Information Security Audit Report June 04 2020

NSW unis taken to task over poor cyber stance.

Institutions still without cyber risk policies, audit finds.
Reported in: iTnews

NSW universities have been told to strengthen their cyber security frameworks for a third year in a row after persistent issues with key controls were uncovered by the state’s auditor-general. 

The annual audit of the tertiary sector also calls into question the adequacy of data breach reporting mechanisms, with revelations one institution recorded 12 breaches last year.

The most concerning finding was only eight of the ten universities having implemented a cyber risk policy, leaving two institutions exposed at one of the most fundamental levels in 2019.

All other cyber security controls, however, saw some improvement on the 2018 audit result, with a cyber attack recovery plan now in place for all ten universities.