C. Summary of ANAO Audit Report

Cybersecurity Follow-up Audit

Conclusion

The ANAO assessed that, of the three entities, only the Department of Human Services was compliant with the Top Four mitigation strategies. The Department of Human Services also accurately self-assessed compliance against the Top Four mitigation strategies and met its commitment to the Joint Committee of Public Accounts and Audit of achieving compliance during 2016.
Of the three entities, only the Department of Human Services was cyber resilient. Cyber resilience is the ability to continue providing services while deterring and responding to cyber attacks. Cyber resilience also reduces the likelihood of successful cyber attacks. To progress to being cyber resilient, the Australian Taxation Office and the Department of Immigration and Border Protection need to improve their governance arrangements and prioritise cybersecurity.

Recommendations

Recommendation No. 1
Paragraph 2.25
The ANAO recommends that entities periodically assess their cybersecurity activities to provide assurance that: they are accurately aligned with the outcomes of the Top Four mitigation strategies and entities’ own ICT security objectives; and that they can report on them accurately. This applies regardless of whether cybersecurity activities are insourced or outsourced.
Department of Human Services’ response: Agreed.
Australian Taxation Office’s response: Agreed.
Department of Immigration and Border Protection’s response: Agreed.

Recommendation No. 2
Paragraph 3.24
The ANAO recommends that entities improve their governance arrangements, by:
a. asserting cybersecurity as a priority within the context of their entity-wide strategic objective;
b. ensuring appropriate executive oversight of cybersecurity;
c. implementing a collective approach to cybersecurity risk management; and
d. conducting regular reviews and assessments of their governance arrangements to ensure their effectiveness.
Department of Human Services’ response: Agreed.
Australian Taxation Office’s response: Agreed.
Department of Immigration and Border Protection’s response: Agreed.
