At-risk NSW government agencies have not set deadlines for resolving cybersecurity issues

A state audit has found that a large majority of assessed NSW government agencies have levels of cyber risk above their capabilities, and a large majority of them have no deadlines set to resolve these issues.

The audit was carried out as part of the NSW Cyber Security Policy, launched in 2019.

As part of the NSW Auditor-General’s report released earlier this week (October 2), the state examined the cybersecurity situation of 26 government agencies.

According to the report, of the 20 agencies that assessed their cybersecurity risks, 18 felt that “their cybersecurity risks were above their appetite.”

Additionally, 14 of those 18 did not have set deadlines for resolving the issues but had “undetermined deadlines” in place.

Four of the 26 agencies did not provide additional high-risk cybersecurity awareness training, three agencies had not mandated annual cybersecurity training or defined their training requirements, and two agencies had no funded plan to improve their cybersecurity.

The general finding when it comes to identifying and recording cyber risks is that agencies need to consolidate their risk recording and reporting methods.

“Despite similar frameworks, agencies have adopted different interpretations on how to define and record risks,” the report said.

“The number of cybersecurity risks recorded by agencies ranged from one to 298. While some variance is expected due to the size and complexity of agencies, risk registers should be at a level that informs and supports decision-making rather than a simple list of all known vulnerabilities or potential incidents and causes of incidents.”

The report also concluded that for agencies that emphasized the importance of mandatory cybersecurity awareness training, completion rates were low.

“Where it has been mandatory for staff to complete awareness training, agencies have reported actual completion rates of between 66 percent and 100 percent (22 agencies). No agency could provide statistics on their completion rates,” the report said.

Not counting the three agencies that require no training, 13 of the agencies send notifications of noncompletion to personnel managers, while the other nine notify staff directly.
