Australian Information Security Audit Report June 22 2020

ACT Government agencies don’t understand data security and put privacy at risk, auditor-general says.

Agencies lacking understanding, awareness.
Reported in: ACT govt urged to improve data security after shocker audit | iTnews

The ACT government has been told to lift its data security game after the territory’s auditor-general raised serious concerns with its policies and the data handling practices of public servants. 

The audit of the territory’s data security practices also reveals that the government is without a government-wide data breach response plan, despite suffering a breach as recently as late 2018.

 The audit found that compliance with the ICT security policy is not effective and that agencies have “not clearly understood their data security risks and requirements”.

Key points:

  • Two auditor-general reports in recent months have criticised the ACT Government’s cybersecurity practices
  • The latest report says some public servants don’t realise the risks of sharing sensitive data via email and on USBs
  • The Government has not documented the security classification of two-thirds of its IT systems