Select Page

Audit: Western Australia Auditor General’s State Government Information Systems Audit 2021-22

Audit: Western Australia Auditor General’s State Government Information Systems Audit 2021-22

West Australian State Government Audit Report 22 March 2023

Western Australia Auditor General’s State Government Information Systems Audit 2021-22 566 control weaknesses 34 significant

Cases: malicious insiders no MFA, outage from an unauthorised device, former employee accessing finance system one month after termination.

Western Australia Auditor General Report: Information Systems Audit – State Government 2021-22

Read more Western Australia Auditor General Reports and West Australia incidents.

WA State Gov Audit 2023 1

Auditor General Ms Caroline Spencer said 566 information system weaknesses were reported to 61 entities, compared to 526 findings to 54 entities last year. ‘Concerningly, similar to last year, half of the audit findings were unresolved issues from the previous year.

The report found a significant majority of the entities failed to meet our benchmark in endpoint security, access management and human resource security. Information security control weaknesses were so pervasive in 13 entities they resulted in a record number of qualified audit opinions – a serious matter – related to various data breach risks.

The report includes a number of case studies that the public sector and community can learn from:

  • A former employee accessed an entity’s physical facility, logged on to the entity’s network and accessed the financial system more than one month after their employment had been terminated as the entity had failed to complete exit procedures required to revoke employee’s access to the network and systems.
  • A network outage caused by an unauthorised device interrupted key services.
  • Decades old network equipment leaves an entity, which has a significant number of connected sites, without modern security features to detect or prevent unauthorised devices and attacks – an attack would severely impact that entity’s ability to deliver vitally important services to the community.
  • A malicious insider reset the password of another staff member to gain access to a key business system and copied information. The entity was unaware of the malicious access and data extraction for several months as their access logging and monitoring processes were not working effectively. This inappropriate access could have been prevented or made more difficult if multi-factor authentication was enforced.

WA State Gov Audit 2023 2

 


About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Please follow the Source link to the original article to support the content owner. We only provide a brief summary with metadata to assist in categorisation.

More Australian News

NSW Rural Fire Service admits security incident

The NSW Rural Fire Service (RFS) is investigating a cybersecurity incident after a hacker gained access to its information and communications … [...]

Scams surge as cybercrime falls

Cybercrime declined in Australia last year, but fraud and scams bucked the trend and victims have given up complaining, the Australian Institute of … [...]

Generation Life confirms customers impacted in April cyber incident

Aussie investment firm Generation Life has confirmed that customer data was impacted in a cyber attack it suffered back in April. • Fri, 26 Jun 2026 • … [...]

In wake of KPMG scandal, government considers splitting accounting firms' auditing and consulting arms

Accounting firms could be asked to split their lucrative consulting services from their audit functions and individual firm partners could face far … [...]

Auditor-General’s report reveals dangerous gaps in third-party security in NSW public schools

The NSW Department of Education only began considering essential student data management platforms as “crown jewels” this year, the report finds. • … [...]

EY staff allegedly access Anthony Albanese's private banking details | ABC NEWS

Two men have been sacked from Sydney accounting firm Ernst and Young after they allegedly accessed the prime minister's personal banking information. The men, aged 21 and 25, are due [...]

Ernst and Young staff sacked after Anthony Albanese's private banking information allegedly breached

Two Ernst and Young employees have been sacked after Prime Minister Anthony Albanese's personal banking information was allegedly breached while the … [...]

Cyber resilience a key plank of new Nakamal Agreement between Vanuatu and Australia

Australia signs a treaty with a Pacific nation to deepen integration and strengthen the collective security of the region. • Mon, 29 Jun 2026 • … [...]

Gov to give eSafety Commissioner stronger powers

The federal government will strengthen the information-gathering powers of its internet regulator, the eSafety Commissioner, allowing it to compel … [...]

Unfolding in real time: Artificial intelligence is reshaping cybersecurity

The cybersecurity capability of next-generation frontier artificial intelligence (AI) models is increasing rapidly. Large language models (LLM) … [...]

AI Could Overwhelm Cybersecurity Within Months | 10 News+

Artificial intelligence is changing cybersecurity faster than governments and businesses can adapt. In a rare joint statement, the Five Eyes alliance warned that advanced AI models are accelerating cyber threats [...]

New anti-scam text laws introduced after massive losses | 7NEWS

There's hope scam text messages could soon be a pest of the past with new anti-scam laws being introduced next week, but some say they don't go far enough to [...]

Shares
Share This

Discover more from Australian Cyber Aware

Subscribe now to keep reading and get access to the full archive.

Continue reading