Audit: WA registry system flaws force auditor to delay findings by 18 months | iTnews

Australian Audit Report November 26 2020

WA registry system flaws force auditor to delay findings by 18 months

‘Highly unusual step’ taken to protect foundational system.

WA Auditor General’s Report: Western Australian Registry System – Application Controls Audit
Reported in: WA registry system flaws force auditor to delay findings by 18 months | iTnews

Western Australia’s auditor was so concerned about vulnerabilities in the state’s registry system last year that she took the unusual step of delaying the release of findings so the issues could be addressed.

Caroline Spencer made the revelation in a one-off audit on Thursday, a full 18 months after tabling the 2019 information systems review that would have otherwise detailed the vulnerabilities.

Audit Conclusion

However, our 2019 audit found that the System was not adequately protecting the confidentiality and integrity of information housed within it. Highly confidential and foundational information was at risk of unauthorised access, alteration and disclosure due to inadequate database controls, security vulnerabilities and insufficient monitoring of changes to critical information. Insufficient disaster recovery planning also meant that the System was at risk of not being recovered in a timely manner in the event of a disruptive incident.

 

Key Findings:

  • The Department did not know if inappropriate or unauthorised changes were made to information stored in the System
  • The security of electronic records needed improvement:
    • Insecure databases – there was no data encryption to protect confidential information in the database
    • Unprotected personal data – confidential information was replicated without obfuscation in the test and development environments
  • Security vulnerabilities were not well managed, leaving the System exposed to attacks
  • The change of name process could be misused
  • The Department does not know if it will be able to recover the System following an incident

 

About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.


Please follow the Source link to the original article to support the content owner. We only provide a brief summary with metadata to assist in categorisation.
