The audit was based on the level of compliance reported at 30 June 2020. This report assesses whether state government agencies are complying with the NSW Cyber Security Policy. The NSW Cyber Security Policy requires agencies to report their level of maturity implementing the mandatory requirements, which includes the ACSC's Essential 8.ġ00% of audited agencies failed to reach level one maturity for at least three of the Essential 8 controls.ĥ3% of mandatory requirements implemented in an ad hoc or inconsistent manner, or not at all.Ĩ9 of the 104 reporting agencies across government met the reporting deadline of 31 August. Improvement requires leadership and resourcing. The poor levels of agency cyber security maturity are a significant concern. We are of the view that transparency and accountability to the Parliament of New South Wales are part of the solution, not the problem. We reluctantly agreed to anonymise our findings, even though they are more than 12 months old. Separately, the agencies we audited requested that we not disclose our audit findings. challenge agencies' target maturity levels.Īgencies should resolve discrepancies between their reported level of maturity and the level they are able to support with evidence.require the agency head to formally accept the residual risk. ![]() ![]() require agencies to justify why it is appropriate to target a low level of maturity.require agencies to report the target and achieved levels of maturity.monitor and report compliance with the CSP.In this report, we repeat recommendations made in the 20 Central Agencies reports, that Cyber Security NSW and NSW Government agencies need to prioritise improvements to cyber security resilience as a matter of urgency. there is no monitoring of the adequacy or accuracy of agencies' self-assessments.agencies tended to over-assess their cyber security maturity - all nine participating agencies were unable to support all of their self-assessments with evidence. ![]() none of the participating agencies had implemented all of the Essential 8 controls. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |