
95% of ACT Government IT systems without the required System Security Plan

By johnboy - 8 June 2012


The Auditor-General’s report on Whole-of-Government Information and Communication Technology Security Management and Services paints a generally rosy picture of the ACT Government’s IT security.

But it worries us that attacks defended headlines the conclusions:

The protection of the ACT Government network is robust. Shared Services ICT Security Section’s security regime has successfully defended against over one million attempts to access the ACT Government’s network in the nine month period to 31 March 2012

The problem with IT security is that it’s not the attacks you can see that you need to worry about. Indeed, in military info-war exercises, easily defeated and clumsy intrusion attempts are frequently used as a distraction from the real attack. (This is itself a failing of the tight windows of exercises; a real-world attack might well prefer complete stealth at an unexpected hour.)

More worrying is this bit at the end of the conclusions.

Despite it being a requirement, only 5% of the ACT Government’s 1025 information management systems have a system security plan; and even fewer, some 2.24% have a threat and risk assessment. The reasons for this were not able to be ascertained. This is an issue that needs to be addressed.

Hand held devices, known as ‘portable platforms’ that can access the ACT Government networks and the internet are proliferating. New or amended policies to govern the use of new technologies are required as a matter of priority.

The ACT Government does not have an electronic records management system. The need for such a system is likely to increase.

[Photo by Patrick Hoesly CC BY 2.0]

9 Responses to
95% of ACT Government IT systems without the required System Security Plan
steveu 4:00 pm 09 Jun 12

Duffbowl said :

$15k/system for a TRA? You’re getting ripped off.

I’m sure they are.

Duffbowl 12:14 pm 09 Jun 12

steveu said :

Cue an expensive consultancy to knock up cookie cutter TRA (Threat and Risk Assessment) papers (apx $15K per system) and policy documents for these systems.

$15k/system for a TRA? You’re getting ripped off.

Deref 11:58 am 09 Jun 12

The people who work in IT Security in ACT gubmint are very smart and very competent.

Unfortunately they don’t make the decisions.

switch 9:54 am 09 Jun 12

steveu said :

You could assume from this that they have spent their money on the technical systems themselves, instead of having some public servant draft up pieces of paper that people ignore…

Most of the technically able people I work with who need to get things done NOW have long since given up on the 6+ week process it seems to take for approval of the simplest things and use their own private solutions.

steveu 8:23 am 09 Jun 12

You could assume from this that they have spent their money on the technical systems themselves, instead of having some public servant draft up pieces of paper that people ignore, which could be a good thing. Surprising given the number of Chiefs/Project managers doing their micro political dances around the few little Indians (techos) at IntACT.

Cue an expensive consultancy to knock up cookie cutter TRA (Threat and Risk Assessment) papers (apx $15K per system) and policy documents for these systems.

POK 6:57 pm 08 Jun 12

The mobile devices thing is probably execs wanting to bring their flashy toys to work. The need to keep within DSD approved guidelines doesn’t apply above a certain level. Just a pity that when the s*** hits the fan it’s never the guy who wanted to use his iTem that cops it.

JimCharles 12:57 pm 08 Jun 12

How do “portable platforms” access the ACT network?
Are they saying that they have no security policy or standards for mobile device usage within the service itself, or for the general public to access ACT Govt. information? Or both.

johnboy 11:38 am 08 Jun 12

Bluey said :

False. They have one, it’s just not
a) centralised
b) universally used
c) given any thought and/or care.

But they do certainly have licenses for a certain records management system, I’ve installed it for them all over the place.

well, that would be the all important singular “an”!

Bluey 11:28 am 08 Jun 12

The ACT Government does not have an electronic records management system.

False. They have one, it’s just not
a) centralised
b) universally used
c) given any thought and/or care.

But they do certainly have licenses for a certain records management system, I’ve installed it for them all over the place.

Copyright © 2017 Riot ACT Holdings Pty Ltd. All rights reserved.