Select Page

Audit: Victoria audit warns of weak IT controls in council systems | iTnews

Posted by | Feb 27, 2023 | , , , , , , , , , | 0 |

Audit: Victoria audit warns of weak IT controls in council systems | iTnews

Victorian Local Government Audit Report 27 February 2023

Victoria audit reports a significant rise in IT control weaknesses in council systems

Calls for Essential Eight adoption.

Victorian Auditor General’s Office Report: Results of 2021–22 Audits: Local Government
Media Report:Victoria audit warns of weak IT controls in council systems | iTnews

Read more Victorian incidents.

Victoria’s auditor-general is concerned at an increase in the number of weak IT controls in the state’s local government sector.

In a new audit of local government books, the office said it had increased its scrutiny of councils’ IT controls, and didn’t like what it found.

“In 2021–22, we increased our use of system assurance auditors. As a result of this shift in audit approach, we found more IT control weaknesses,” the report stated

Victorian Local Government Audit 1

All of these issues were rated as medium risk.

A council’s risk of experiencing a major disruption, such as a cyber-attack, increases if it does not fix IT control issues in a timely way.

User-access management and authentication controls reduce the likelihood of unauthorised access to an entity’s systems and underlying data.

Audit logging and monitoring controls detect unauthorised access and changes after they occur. Audit logs also ensure that all important changes are captured as part of an entity’s change management controls.

Intrusion detection is an application that monitors network traffic and searches for known threats and suspicious or malicious activity.

The report recommended that “Complying with the Essential Eight security framework would help councils protect customer and sensitive data better.”

I should note that Essential 8 does not address two of the key areas in the findings.

  • “Audit logging and monitoring controls detect unauthorised access and changes after they occur. Audit logs also ensure that all important changes are captured as part of an entity’s change management controls.
  • Intrusion detection is an application that monitors network traffic and searches for known threats and suspicious or malicious activity.”

 

Rate:

About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.

Related Posts

Incident: ‘Shocking’ myki privacy breach for millions of users in data release | ABC News (Australia)

Incident: ‘Shocking’ myki privacy breach for millions of users in data release | ABC News (Australia)

August 15, 2019

Incident: Millions of Australians’ sensitive medical images, data left openly accessible | iTnews

Incident: Millions of Australians’ sensitive medical images, data left openly accessible | iTnews

September 20, 2019

Incident: AusTender becomes latest bait for phishers | iTnews

Incident: AusTender becomes latest bait for phishers | iTnews

January 15, 2019

Incident: Thieves steal laptops with 30 years of data from University of Western Australia | iTnews

Incident: Thieves steal laptops with 30 years of data from University of Western Australia | iTnews

July 28, 2019

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Please follow the Source link to the original article to support the content owner. We only provide a brief summary with metadata to assist in categorisation.

More Australian News

State Library of NSW responding to April cyber intrusion
State Library of NSW responding to April cyber intrusion

Library services remain offline following “suspicious activity in our catalogue”; services are expected to be back online by the end of the month. • … [...]

Directors told to stop admiring the AI problem and start governing it - AICD
Directors told to stop admiring the AI problem and start governing it - AICD

Directors told to stop admiring the AI problem and start governing it Friday, 15 May 2026 Brisbane played host to the AICDs’ Tech Governance Forum last … [...]

Student hackers take on 'ethical battle' beyond cyber attacks and exploits
Student hackers take on 'ethical battle' beyond cyber attacks and exploits

When more than 100 hackers meet in a room, it might be a good idea to update your password. But these cybersecurity sleuths have gathered for a good … [...]

How Australia's ASIC v FIIG decision supports your cyber investment business case
How Australia's ASIC v FIIG decision supports your cyber investment business case

What you need to know First AFSL cyber penalty: FIIG's $2.5 million penalty is the first cyber security penalty under general financial services … [...]

APRA and ASIC Sound the AI Alarm for Boards and Executives
APRA and ASIC Sound the AI Alarm for Boards and Executives

What you need to know APRA and ASIC have sent powerful messages to regulated entities regarding AI, cyber security and operational resilience in … [...]

Exclusive: INC Ransom claims cyber attack on Australian engineering service company
Exclusive: INC Ransom claims cyber attack on Australian engineering service company

Threat actors have claimed a cyber attack on an Australian engineering solutions company and are threatening to publish data they allegedly … [...]

Exclusive: Major cleaning and facility services firm confirms third-party cyber incident
Exclusive: Major cleaning and facility services firm confirms third-party cyber incident

Major private cleaning and facility services firm Menzies Group has confirmed a cyber incident that occurred after a third-party IT provider was … [...]

Exclusive: Australian College of Business Intelligence investigating Qilin ransomware claims
Exclusive: Australian College of Business Intelligence investigating Qilin ransomware claims

A Sydney-based vocational college has found no evidence of compromised student data after being listed on the leak site of a prolific hacking group. • … [...]

Victorian bulk porting scammer gets over two years in prison
Victorian bulk porting scammer gets over two years in prison

A 35-year-old man from Lynbrook, south-east Melbourne, has received a prison sentence of two years and two months, with a 12-month non-parole period, … [...]

NSW cyber cops bust alleged bullion-buying BEC bandits
NSW cyber cops bust alleged bullion-buying BEC bandits

NSW Police have charged three people over an alleged $600,000 business email compromise (BEC) scam operation, after detectives caught a young woman … [...]

Miners’ data targeted as hackers hold software provider to ransom
Miners’ data targeted as hackers hold software provider to ransom

Dozens of Australian mining companies are scrambling to access their key technology systems after a major software supplier to the sector was … [...]

Instructure dealing with Canvas cyberhackers a dangerous tactic, say experts
Instructure dealing with Canvas cyberhackers a dangerous tactic, say experts

The company that runs Canvas has painted a target on its back for future extortion attempts by making a deal with hackers, according to cybersecurity … [...]

Shares
Share This

Discover more from Australian Cyber Aware

Subscribe now to keep reading and get access to the full archive.

Continue reading