Select Page

Audit: Queensland Audit Office Education 2021 Report finds “all need to strengthen their security”

Posted by | Jun 16, 2022 | , , , , , , , , | 0 |

Audit: Queensland Audit Office Education 2021 Report finds “all need to strengthen their security”

Australian Audit Report 16 June 2022

Queensland Audit Office Education 2021 Report finds “all need to strengthen their security”

Deficiencies identified with user and privilege access management, audit log and user activity monitoring

Queensland Audit Office Report: Education 2021

Read more Audit Reports and Queensland Audit Office (QAO)

Queensland government’s education sector continues to struggle with the audit finding 55 control deficiencies in entities’ systems and processes (internal controls) relating to information systems. Some entities have taken steps in recent years to strengthen their information systems but more action is required.

According to the report “We continue to identify weaknesses in the entities’ information systems. While the entities are continually improving the security of their systems, the risk of cyber attacks continues to increase. The sensitive nature of information the entities hold about students and research makes them an attractive target. In response to this evolving risk, we have expanded our testing and identified more weaknesses. Given how much entities rely on their information systems, they all need to strengthen their security.”

The audit looked at more systems, databases, and networks for education entities than previously, to respond to the growing cyber security risk. This led to identifying additional weaknesses, including:

  • ineffective management of user accounts and access to systems
  • insufficient monitoring of the access and activities of privileged users
  • audit logs and user activity not being regularly monitored and reviewed.

Queensland Audit Office Ed2022 Issues
Figure 2A shows the nature of internal control deficiencies reported this year.

The report concludes by recommending that education entities address the security of their information systems. It noted that QAO made the same recommendation last year in Education 2020 (Report 18: 2020–21). All entities need strong security practices and must emphasise the importance of them – in their processes and to their staff – in protecting against fraud or error and significant reputational damage.

 

Rate:

About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.

Related Posts

Incident: The Good Guys customers possibly affected by data breach at former third-party provider My Rewards | ABC News (Australia)

Incident: The Good Guys customers possibly affected by data breach at former third-party provider My Rewards | ABC News (Australia)

February 23, 2023

NZ Incident: New Zealand Reserve Bank urgently responding to ‘illegal data breach’ | SMH

NZ Incident: New Zealand Reserve Bank urgently responding to ‘illegal data breach’ | SMH

January 10, 2021

Incident: Queensland minister stood down over email scandal | iTnews

Incident: Queensland minister stood down over email scandal | iTnews

July 24, 2017

Incident: Victorian Game Authority inadvertently emailed customer data to hunters | ZDNet

Incident: Victorian Game Authority inadvertently emailed customer data to hunters | ZDNet

January 17, 2017

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Please follow the Source link to the original article to support the content owner. We only provide a brief summary with metadata to assist in categorisation.

More Australian News

Alert! National Anti-Scam Centre, ASIC warn Aussies of fake crypto trading platforms
Alert! National Anti-Scam Centre, ASIC warn Aussies of fake crypto trading platforms

Scammers are advertising crypto trading websites filled with fake data to share trading message groups – and taking victims’ money right now. • Mon, … [...]

Exclusive: Victorian regional newspaper allegedly hacked by ransomware group
Exclusive: Victorian regional newspaper allegedly hacked by ransomware group

The Adviser, a media outlet based in Shepparton, has been hit by a potential 350-plus gigabyte data breach. • Mon, 25 May 2026 • Security *]:clear-none … [...]

State Library of NSW responding to April cyber intrusion
State Library of NSW responding to April cyber intrusion

Library services remain offline following “suspicious activity in our catalogue”; services are expected to be back online by the end of the month. • … [...]

Directors told to stop admiring the AI problem and start governing it - AICD
Directors told to stop admiring the AI problem and start governing it - AICD

Directors told to stop admiring the AI problem and start governing it Friday, 15 May 2026 Brisbane played host to the AICDs’ Tech Governance Forum last … [...]

Student hackers take on 'ethical battle' beyond cyber attacks and exploits
Student hackers take on 'ethical battle' beyond cyber attacks and exploits

When more than 100 hackers meet in a room, it might be a good idea to update your password. But these cybersecurity sleuths have gathered for a good … [...]

How Australia's ASIC v FIIG decision supports your cyber investment business case
How Australia's ASIC v FIIG decision supports your cyber investment business case

What you need to know First AFSL cyber penalty: FIIG's $2.5 million penalty is the first cyber security penalty under general financial services … [...]

APRA and ASIC Sound the AI Alarm for Boards and Executives
APRA and ASIC Sound the AI Alarm for Boards and Executives

What you need to know APRA and ASIC have sent powerful messages to regulated entities regarding AI, cyber security and operational resilience in … [...]

Exclusive: INC Ransom claims cyber attack on Australian engineering service company
Exclusive: INC Ransom claims cyber attack on Australian engineering service company

Threat actors have claimed a cyber attack on an Australian engineering solutions company and are threatening to publish data they allegedly … [...]

Exclusive: Major cleaning and facility services firm confirms third-party cyber incident
Exclusive: Major cleaning and facility services firm confirms third-party cyber incident

Major private cleaning and facility services firm Menzies Group has confirmed a cyber incident that occurred after a third-party IT provider was … [...]

Exclusive: Australian College of Business Intelligence investigating Qilin ransomware claims
Exclusive: Australian College of Business Intelligence investigating Qilin ransomware claims

A Sydney-based vocational college has found no evidence of compromised student data after being listed on the leak site of a prolific hacking group. • … [...]

Victorian bulk porting scammer gets over two years in prison
Victorian bulk porting scammer gets over two years in prison

A 35-year-old man from Lynbrook, south-east Melbourne, has received a prison sentence of two years and two months, with a 12-month non-parole period, … [...]

NSW cyber cops bust alleged bullion-buying BEC bandits
NSW cyber cops bust alleged bullion-buying BEC bandits

NSW Police have charged three people over an alleged $600,000 business email compromise (BEC) scam operation, after detectives caught a young woman … [...]

Shares
Share This

Discover more from Australian Cyber Aware

Subscribe now to keep reading and get access to the full archive.

Continue reading