Australian Audit Fail May 28 2021

Dozens of NSW councils still without basic cyber security controls, audit finds

Poor management of cyber security at 58 of the state’s 128 local councils, nine county councils and 13 joint organisations

NSW Audit Office Report: Report on Local Government 2020
Reported in: Audit: Dozens of NSW councils still without basic cyber security controls, audit finds | iTnews
Read more Audit Reports

More than a third of local councils across NSW are still without basic internal controls and governance arrangements for cyber security, the state’s auditor-general has revealed. Highlighted in the report:

• Bellingen Shire Council was singled out in the report for its lack of a cyber risk framework and policy (a repeat finding), as was Maitland City Council for having gaps in its cyber security controls.
• Newcastle City Councils was similarly found to have no formal IT policies and procedures for cyber security, as well as access management and incident management.
• Maitland City Council and Newcastle City Council were also found to have no cyber security awareness program.

While the result is an improvement on last year, when 80 percent of councils were found to have no formal cyber security policy, the audit highlights the ongoing struggle to address IT security risks.
09/10/2020 Audit: NSW govt blasted for failing councils on cyber security | iTnews

The audit notes that while there is no requirement for councils to comply with the NSW government’s cyber policy, “councils may find it useful to refer to the policy for further guidance”.