Australian Audit Report October 09 2020

New South Wales government blasted for failing councils on cyber security.

Audit “complete lack” of support for IT security.

Audit Office of NSW Report: Report on Local Government 2019
Reported in: NSW govt blasted for failing councils on cyber security | iTnews
More reports from iTnews

Local Government NSW (LGNSW) has criticised the state government for failing to provide councils with adequate support to address increasing cyber security threats.

Councils should:

• ensure key IT policies are formalised and regularly reviewed to ensure emerging risks are considered and policies are reflective of changes to the IT environment
• ensure IT risks are identified and appropriately managed
• improve user access management processes to ensure that information systems are secure and that there are adequate controls for making changes to information systems
• implement at least the basic governance and internal controls to manage risks associated with cyber security.

The submission cited a recent audit that found 80 percent of councils were without a cyber security policy or framework, while 76 percent had not delivered cyber security training to all staff.

The Office of Local Government is now working with Cyber Security NSW to develop a standardised cyber security policy for all 128 councils by July 2021, which LGNSW supports.

The peak body has also called on the government to provide “standardised cyber security training” to ensure council IT systems are protected from inappropriate access and misuse.