Detecting and responding to cyber security incidents

2 March 2018
 

A report released today by the Auditor-General for New South Wales, Margaret Crawford, found there is no whole-of-government capability to detect and respond effectively to cyber security incidents. There is very limited sharing of information on incidents amongst agencies, and some agencies have poor detection and response practices and procedures.

'I am concerned that incidents will go undetected longer than they should, and opportunities to contain and restrict the damage will be lost', said the Auditor-General.

Cyber security incidents can harm government service delivery and may include theft of personal information, denial of access to critical technology, or even the hijacking of systems for profit or malicious intent.

Given current weaknesses, the NSW public sector’s ability to detect and respond to incidents needs to improve significantly and quickly.

'The NSW Government needs to establish a clear whole-of-government responsibility for cyber security that is appropriately resourced to ensure agencies report incidents, information on threats is shared and the public sector responds in a coordinated way', said Ms Crawford. 


Further information

A full copy of the report is available here.

Barry Underwood, Director, Office of the Auditor-General, on 9275 7220 or 0403 073 664 and email barry.underwood@audit.nsw.gov.au.

 

Our vision

Our insights inform and challenge government to improve outcomes for citizens.

Our purpose

To help parliament hold government accountable for its use of public resources.

Our values

  • Purpose – we have an impact, are accountable and work as a team.
  • People – we trust and respect others, and have a balanced approach to work.
  • Professionalism – we are recognised for our independence and integrity and the value we deliver.