Select Page

Audit: Western Australia Auditor General’s State Government Information Systems Audit 2021-22

Posted by | Mar 22, 2023 | , , , , , , , | 0 |

Audit: Western Australia Auditor General’s State Government Information Systems Audit 2021-22

West Australian State Government Audit Report 22 March 2023

Western Australia Auditor General’s State Government Information Systems Audit 2021-22 566 control weaknesses 34 significant

Cases: malicious insiders no MFA, outage from an unauthorised device, former employee accessing finance system one month after termination.

Western Australia Auditor General Report: Information Systems Audit – State Government 2021-22

Read more Western Australia Auditor General Reports and West Australia incidents.

WA State Gov Audit 2023 1

Auditor General Ms Caroline Spencer said 566 information system weaknesses were reported to 61 entities, compared to 526 findings to 54 entities last year. ‘Concerningly, similar to last year, half of the audit findings were unresolved issues from the previous year.

The report found a significant majority of the entities failed to meet our benchmark in endpoint security, access management and human resource security. Information security control weaknesses were so pervasive in 13 entities they resulted in a record number of qualified audit opinions – a serious matter – related to various data breach risks.

The report includes a number of case studies that the public sector and community can learn from:

  • A former employee accessed an entity’s physical facility, logged on to the entity’s network and accessed the financial system more than one month after their employment had been terminated as the entity had failed to complete exit procedures required to revoke employee’s access to the network and systems.
  • A network outage caused by an unauthorised device interrupted key services.
  • Decades old network equipment leaves an entity, which has a significant number of connected sites, without modern security features to detect or prevent unauthorised devices and attacks – an attack would severely impact that entity’s ability to deliver vitally important services to the community.
  • A malicious insider reset the password of another staff member to gain access to a key business system and copied information. The entity was unaware of the malicious access and data extraction for several months as their access logging and monitoring processes were not working effectively. This inappropriate access could have been prevented or made more difficult if multi-factor authentication was enforced.

WA State Gov Audit 2023 2

 

Rate:

About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.

Related Posts

Incident: Human error, not data breach, behind Port Arthur staff information appearing ‘live’ on library website | ABC News (Australia)

Incident: Human error, not data breach, behind Port Arthur staff information appearing ‘live’ on library website | ABC News (Australia)

June 20, 2023

Incident: 300GB allegedly stolen from Australian immigration consultancy – cyberdaily.au

Incident: 300GB allegedly stolen from Australian immigration consultancy – cyberdaily.au

April 8, 2024

Audit: Northern Territory School children’s data exposed to cyber security threats due to education department oversight | ABC Australia

Audit: Northern Territory School children’s data exposed to cyber security threats due to education department oversight | ABC Australia

August 17, 2019

Audit: WA registry system flaws force auditor to delay findings by 18 months | iTnews

Audit: WA registry system flaws force auditor to delay findings by 18 months | iTnews

November 26, 2020

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Please follow the Source link to the original article to support the content owner. We only provide a brief summary with metadata to assist in categorisation.

More Australian News

Scam victims to get up to $3,000 under new government proposal | ABC NEWS
Scam victims to get up to $3,000 under new government proposal | ABC NEWS

Under the federal government’s proposed laws, scam victims could getup to $3,000 back from their bank or other companies. National Consumer Affairs reporter Michael Atkin says it would be a [...]

Exclusive: Marketing and merchandise firm Branded Products listed by Qilin ransomware
Exclusive: Marketing and merchandise firm Branded Products listed by Qilin ransomware

A company with clients including the Department of Foreign Affairs and Trade, the Royal Flying Doctor Service, and many more has suffered a potential … [...]

Exclusive: New Zealand’s Alpha Group Holdings allegedly hacked
Exclusive: New Zealand’s Alpha Group Holdings allegedly hacked

Qilin ransomware continues its ANZ hacking campaign, listing an Auckland-based health supplement producer. • Wed, 27 May 2026 • Security *]:clear-none … [...]

Scammers target Australians with 'free' tai chi classes ad to trick them into downloading malware
Scammers target Australians with 'free' tai chi classes ad to trick them into downloading malware

Scammers are targeting Australians with advertisements for 'free' tai chi classes to trick them into downloading malware capable of stealing money … [...]

Attorney-General's Department contacted Australian Cyber Security Centre when notified of court privacy breach
Attorney-General's Department contacted Australian Cyber Security Centre when notified of court privacy breach

Litigants in at least 146 court matters were potentially involved in a data breach that is now the subject of a formal complaint with the privacy … [...]

Alert! National Anti-Scam Centre, ASIC warn Aussies of fake crypto trading platforms
Alert! National Anti-Scam Centre, ASIC warn Aussies of fake crypto trading platforms

Scammers are advertising crypto trading websites filled with fake data to share trading message groups – and taking victims’ money right now. • Mon, … [...]

Exclusive: Victorian regional newspaper allegedly hacked by ransomware group
Exclusive: Victorian regional newspaper allegedly hacked by ransomware group

The Adviser, a media outlet based in Shepparton, has been hit by a potential 350-plus gigabyte data breach. • Mon, 25 May 2026 • Security *]:clear-none … [...]

State Library of NSW responding to April cyber intrusion
State Library of NSW responding to April cyber intrusion

Library services remain offline following “suspicious activity in our catalogue”; services are expected to be back online by the end of the month. • … [...]

Directors told to stop admiring the AI problem and start governing it - AICD
Directors told to stop admiring the AI problem and start governing it - AICD

Directors told to stop admiring the AI problem and start governing it Friday, 15 May 2026 Brisbane played host to the AICDs’ Tech Governance Forum last … [...]

Student hackers take on 'ethical battle' beyond cyber attacks and exploits
Student hackers take on 'ethical battle' beyond cyber attacks and exploits

When more than 100 hackers meet in a room, it might be a good idea to update your password. But these cybersecurity sleuths have gathered for a good … [...]

How Australia's ASIC v FIIG decision supports your cyber investment business case
How Australia's ASIC v FIIG decision supports your cyber investment business case

What you need to know First AFSL cyber penalty: FIIG's $2.5 million penalty is the first cyber security penalty under general financial services … [...]

APRA and ASIC Sound the AI Alarm for Boards and Executives
APRA and ASIC Sound the AI Alarm for Boards and Executives

What you need to know APRA and ASIC have sent powerful messages to regulated entities regarding AI, cyber security and operational resilience in … [...]

Shares
Share This

Discover more from Australian Cyber Aware

Subscribe now to keep reading and get access to the full archive.

Continue reading