Dozens of NSW councils still without basic cyber security controls, audit finds – Strategy – Security

Nancy J. Delong

Far more than a third of regional councils throughout NSW are nevertheless devoid of simple internal controls and governance arrangements for cyber safety, the state’s auditor-standard has uncovered.

In its once-a-year audit of the regional govt sector, the NSW Audit Office discovered inadequate administration of cyber safety at 58 of the state’s 128 regional councils, 9 county councils and 13 joint organisations.

“Fifty-eight councils have however to put into action simple governance and internal controls to handle cyber safety,” the report [pdf] introduced on Thursday stated.

It stated this bundled “a cyber safety framework, policy and course of action, sign-up or cyber incidents, penetration testing and training”.

Bellingen Shire Council was singled out in the report for its deficiency of a cyber hazard framework and policy (a repeat getting), as was Maitland City Council for acquiring gaps in its cyber safety controls.

Newcastle City Councils was likewise discovered to have no official IT guidelines and treatments for cyber safety, as effectively as obtain administration and incident administration.

Maitland City Council and Newcastle City Council were also discovered to have no cyber safety recognition program.

Although the final result is an advancement on final yr, when 80 per cent of councils were discovered to have no official cyber safety policy, the audit highlights the ongoing battle to tackle IT safety threats.

The audit notes that whilst there is no necessity for councils to comply with the NSW government’s cyber policy, “councils might find it useful to refer to the policy for additional guidance”.

Cyber Security NSW is at present doing work with the Office of Community Govt with the Department of Arranging, Field and Environment to produce an field-certain cyber safety policy by July.

It follows a suggestion in final year’s regional govt audit that the Office of Community Govt do so to “ensure a steady response to cyber safety hazard throughout councils”.

The govt has also considering the fact that extended the remit of Cyber Security NSW to involve councils and more compact agencies many thanks to a $sixty million investment decision in the central cyber office environment final yr.

The peak physique for councils in the point out, Community Govt NSW, final yr criticised the govt for failing to aid cyber safety in the regional govt sector.

The audit report also discovered that 64 councils “did not formalise and/or routinely critique their crucial IT guidelines and treatments.

A additional forty three councils “did not conduct a periodic consumer obtain critique to ensure users’ obtain to crucial IT systems” were appropriate and sixty eight councils “did not keep an eye on privileged accounts’ action logs”.

Next Post

US Senate advances sweeping tech bill taking aim at China - Hardware

The US Senate on Thursday highly developed a sweeping package of laws intended to improve the country’s skill to compete with Chinese technological innovation, as Congress more and more seeks to acquire a challenging line towards Beijing. Senators voted sixty eight-30 to close debate on the US$250 billion US Innovation […]