An audit of four federal government agencies by the Australian National Audit Office (ANAO) has found that while overall they were taking appropriate steps to protect sensitive material from cyber attack, in some instances their information security policies were out of date.

The agencies, the Australian Office of Financial Management (AOFM), ComSuper, Medicare Australia and the Department of the Prime Minister and Cabinet (PM&C), were chosen as representing a cross‐section of agencies and their associated ICT systems.

In its introduction, the report noted that “The recent ‘Wikileaks’ release of Government electronic information has demonstrated the importance of maintaining appropriate protective security frameworks and the risks of failing to adequately protect electronic information.”

The ANAO examined the extent to which agencies had an effective framework and controls in place across four areas: information security framework; network security management; access management; and equipment security.

It recommended that third‐party software applications should be regularly assessed for the availability of patches, and that administrator accounts and service accounts, which allow a high level of access across ICT systems, should use sufficiently complex passwords to reduce the chances of hacking. Emails using public web‐based email services should be blocked on agency ICT systems, as these can provide an easily accessible point of entry for an external attack.

The report, ‘The Protection and Security of Electronic Information Held by Australian Government Agencies’, is available at http://www.anao.gov.au/