Forget the fortress, risk-based cybersecurity is its own mission

FEATURE: Different government agencies will have to weigh their own risk-based strategies for cybersecurity threats. For most it’s about stymying the enemy, not building the ultimate wall.

Successive audits at both state and federal level indicate there are plenty of public sector organisations that are yet to pick all the low-hanging fruit of cybersecurity. When they do, it needs to be more than a box-ticking exercise.

Most recently, the Australian National Audit Office looked at four entities and found two — one being the Australian Federal Police — still were not fully compliant with the “top four mitigation strategies” in the Australian Signals Directorate’s Information Security Manual.

The recent audit was conducted because ANAO previously found seven agencies were going to miss the deadline when the “top four” became mandatory at the end of June 2014. The latest report, released last week, notes it is likely the new recommendations apply to other Commonwealth entities as well.

Mike Brown

