Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Nairn disappointed with ANAO report: launches workgroup

Special Minister of State Gary Nairn has expressed disappointment at the findings of a report into Internet security by Australia's National Audit Office (ANOA).

While Nairn considers the findings timely, he said it also highlights some issues surrounding areas of governance, processes and security technology in government agencies.

These area are critical, the minister said, for agencies to rollout the proposed e-Government strategy.

Six Australian government agencies have come under fire from ANAO for their lax security.

Dubbed the Internet Security in Australian Government Agencies report, it found 31 specific risks - as defined by the Defence Signals Directorate (DSD) - in agency Web servers.

Three percent of risks were high level, 32 percent were medium level and 65 percent of risks were low-level risks. The ANAO made 51 suggestions for improvements.

Alarmingly, the ANAO report also concluded the current level of Internet security in six government agencies was insufficient, and that none of the agencies fully complied with the Protective Security Manual (PSM) and ACSI 33.

"Given these circumstances it doesn't help anyone if we approach this with a witchhunt mentality," the minister said.

"I have asked the Australian Government Information Management Office (AGIMO) to look at ways we can get the message to CEOs and to help CIOs put in place the necessary structures, processes and tools to meet the requirements.

"The ANAO has provided detailed reports to each of the agencies that were audited and they all accept the findings. ANAO and the government will not make public any of the detail as this would compromise security."

Nairn said AGIMO will now be looking to conduct briefings to Government CEOs to "bring them up to date with the changing nature and sophistication of the external threat," and also include a "Better Practice Guide" for CEOs to help in understanding the structures, processes and funding they need to address Internet security.

Workshops will also be provided in conjunction with the Defence Signals Directorate (DSD) and Attorney General's Department for CIOs and technical staff on the steps needed to fully implement the measures outlined in the 2005 PSM and ACSI 33 standards.

The audited agencies were Australian Customs Service, Australian Federal Police, Australian Radiation Protection and Nuclear Safety Agency, Department of Education and Workplace Relations, Department of Industry, Tourism and Resources, and Medicare Australia.

None of the agencies had ICT security documentation that complied with security standards with limited business continuity plans.

E-mail filtering in all agencies was found to be inadequate.

The report also recommended the Department of Industry, Tourism and Resources document the coverage of Internet services within business continuity and disaster recovery plans in 2006-07, introduce requirements for documenting benefits versus risk before purchasing new technologies and review e-mail blocking tools with a view to "improving the blocking of malicious e-mails".

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: ANAO, Attorney General's Department, Australian Customs Service, Australian Federal Police, Federal Police, National Audit Office

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Whitepapers
Latest Stories
Community Comments
Latest Blog Posts
Whitepapers
  • Seven SOA Practices to Unlock Business Value
    The fact is that companies are increasingly using SOA to gain competitive business advantage. Distilled down to seven essential SOA practices, the following list enables IT professionals to tightly align SOA investments with their organization’s business priorities. Using these practices can help with driving competitive advantage and adding measurable business value...and that’s a sure way for IT pros to win recognition and ongoing support within their companies.
    Learn more »
  • Keeping up With Ever-Expanding Enterprise Data - 2010 IOUG Database Growth Survey
    A majority of respondents report having performance and budget issues due to exponential data growth. Those companies with the highest rates of data growth, in fact, are eight times more likely than slow-growth sites to be seeing significant increases in their storage budgets. New processes and tools are needed to help organizations take control of the massive volumes of information now moving through their systems. The IOUG survey looked at approaches being taken by organizations to manage their growing data stores, and what still needs to be done.
    Learn more »
  • HP Imaging and Printing Services
    According to Gartner, a major focus for organisations today and in the foreseeable future is shifting from cost reduction to growth, expansion, innovation, and operational excellence. If your organization is serious about driving growth and innovation and improving customer experiences, you’ll find that a well-managed imaging and printing environment is key to these goals. A growing number of organizations are turning to services as a means of integrating imaging and printing into their overall IT infrastructure strategies. It may be one of the fastest ways to continue to drive down costs, fund innovation, and prepare your organisation to capitalise on future opportunities. Read more.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments