ACT: Cyber security lost down the back of the bureaucracy

By

[Blog post] Buck passing takes its toll.

While comparatively tiny, the Australian Capital Territory has nevertheless managed to pull together an IT security policy.

ACT: Cyber security lost down the back of the bureaucracy

The problem is, however, that no-one knows if its recommendations are mandatory or whether they are guidelines.

That might have something to do with responsibility for infosec being distributed among nearly half a dozen bodies and agencies. It’s probably little surprise that the jurisdiction home to bureaucrats manages to breed layers of bureaucracy.

Score: 2/9

In her 2012 report, auditor-general Maxine Cooper mapped cyber security functions as far and wide as the Treasury’s records office, the shared services team, the justice directorate and the parliament’s security in government committee.

She painted a picture of the latter as a toothless body with a tendency to make policies and then forget about them a year or two later.

At that time, confusion about the Protective Security Policy Guidelines seemed to have taken their toll.

Cooper’s report found that even though having a system security plan was a requirement of the policy, only 5 percent of information management systems had one. Only 2 percent had undergone a threat and risk assessment, and none of the security assessments had been revised since 2010.

When Cooper issued the report, the Protective Security Policy Guidelines were under review to decide if a subset of 33 actions should be made mandatory.

As a result, in 2014, the policy was amended to include a list of four compulsory - if still somewhat vague in their substance - rulings.

They boil down to every directorate having its own risk-based security framework that adheres to the PSPG, keeping shared services informed about their sensitive data holdings, and meeting all legal obligations.

The revised policy still leaves a lot of wriggle room for ACT government entities, but let’s hope the stricter line boosts cyber awareness inside the jurisdictions that supports - even if it doesn’t control - some of the most critical infrastructure housed in the nation’s capital.

Want to see how all the states and territories stack up? Download our State of Security report. Do you work for the government? Let us know how you would have scored your state here.

Got a news tip for our journalists? Share it with us anonymously here.
Tags:
actact governmentsecuritystate of security
Paris Cowan
Paris Cowan joined iTnews in July 2013 after a stint at Intermedium, a news and data analysis firm based exclusively on government IT procurement. At Intermedium, Paris reported on new IT projects underway in state and federal agencies, interviewed public sector CIOs and was subsequently promoted to Online Editor in June 2012. While public sector IT will remain her key focus at iTnews, she has been given a broader remit to cover technology programs across several industries.
Read more from this blog: The State of Security

Sponsored Whitepapers

Operational excellence is a key part of system modernisation
Operational excellence is a key part of system modernisation
Barracuda’s security portfolio give MSPs teeth to help customers overcome cybersecurity challenges
Barracuda’s security portfolio give MSPs teeth to help customers overcome cybersecurity challenges
The State of Zero Trust Transformation, 2023
The State of Zero Trust Transformation, 2023
How Mainframe Modernization Begins with Application Modernization
How Mainframe Modernization Begins with Application Modernization
Insights Driven by Data. Verify, and keep verifying: Cybersecurity in a zero-trust world
Insights Driven by Data. Verify, and keep verifying: Cybersecurity in a zero-trust world

Most Read Articles

Eagers Automotive finds unauthorised access to parts of IT systems

Eagers Automotive finds unauthorised access to parts of IT systems
Hackers hit Victoria's court recording database

Hackers hit Victoria's court recording database
St Vincent's Health Australia warns cyber attack forensics could "take some time"

St Vincent's Health Australia warns cyber attack forensics could "take some time"
Yakult Australia confirms cyber incident

Yakult Australia confirms cyber incident

Digital Nation

State of Security 2023
State of Security 2023
More than half of loyalty members concerned about their data
More than half of loyalty members concerned about their data
How eBay uses interaction analytics to improve CX
How eBay uses interaction analytics to improve CX
COVER STORY: What AI regulation might look like in Australia
COVER STORY: What AI regulation might look like in Australia
Health tech startup Kismet raises $4m in pre-seed funding
Health tech startup Kismet raises $4m in pre-seed funding

Log In

  |  Forgot your password?