NSW agencies must do more on data security

NSW Government agencies need to do more to ensure strong data security to protect the integrity and privacy of data on government activities and citizens, according to the state's Auditor-General.

In a report summarising key findings from the office's audits over the past four years, the NSW Audit Office noted that cybersecurity should be at the centre of public sector engagement with technology.

Past audits have highlighted critical security problems exposing organisations to service disruption, theft of information, cyber attacks and fraud.

The audits found a large variation in the capability of government entities to protect and manage their systems.

In some cases, processes are not in place for service providers to notify government agencies of security and data issues. Many entities also have inadequate data collection systems and processes, such as gaps in the collection of information that reflect the outcomes and benefits of their activities.

Past audit recommendations have included the development of whole-of-government systems to share reported threats and respond rapidly to incidents. Agencies should also adopt a comprehensive security plan including a risk-based approach to identifying current and target risk levels.

In addition, the report highlighted the importance of strong project management and governance capabilities to ensure agencies get the most out of new systems installed during a digital transformation. Staff engagement with the technology is another key consideration, it adds.

Image credit: ©iStockphoto.com/Federico Caputo

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.