Auditor slams Aust state govt IT security

 

Summary

Western Australia's Auditor General Colin Murphy examined the IT systems of 65 agencies in the state, and was not impressed with their security.


Western Australia's Auditor General Colin Murphy late last week delivered a scathing report into the security of state government IT systems, billing it as a "wake-up call" to departments and agencies.

In the report, Murphy's office examined 65 agencies in general, and drilled down into detail for five agencies which collected sensitive information about state residents. The auditor was not impressed with his findings. The agencies were not named.

"I found fundamental weaknesses in all of the key areas of information security at the agencies examined," he said of the five agencies examined in detail. The rest also displayed signs of problems.

"The results of the general computer and application controls audits reinforces my concern that many agencies are continuing to ignore the importance of effectively managing their information systems ... agencies leave themselves vulnerable to computer system failures, unauthorised access to information, loss of information and fraudulent activity," Murphy added.

Some of the problems the audits found included:

  • A lack of IT security policies
  • Former employees' accounts had not been deleted
  • Generic accounts with no passwords, or passwords that were easy to guess. By using these accounts and guessing passwords, Murphy's office was easily able to access 700,000 sensitive records via the Internet
  • Passwords left on post-it notes on monitors
  • A failure to log or monitor network use or unsuccessful log-on attempts
  • Security patches and updates not being applied
  • Information being stored in databases that had no passwords and known security weaknesses
  • Default software passwords being used
  • Confidential documents saved to unsecured network servers
  • USB drives connected to sensitive computers
  • A lack of police checks or confidentiality agreements for staff dealing with sensitive data

The problems were widespread throughout other agencies as well, with more cursory checks on 41 other agencies finding that over 60 per cent did not have effective controls to manage IT risks, information security and business continuity.

Murphy wrote that, in many cases, the security controls overlooked by departments and agencies did not require expensive technology or specialist resources. "Good controls can be achieved through the appropriate implementation and management of basic policies, procedures and practice," he wrote. "I expect agencies across government to take note of the findings and recommendations of this report."
