Report highlights: Cyber Security NSW: governance, roles, and responsibilities
What the report is about
Cyber Security NSW is part of the Department of Customer Service, and aims to provide the NSW Government with an integrated approach to preventing and responding to cyber security threats.
This audit assessed the effectiveness of Cyber Security NSW's arrangements in contributing to the NSW Government's commitments under the NSW Cyber Security Strategy, in particular, increasing the NSW Government's cyber resiliency. The audit asked:
- Are internal planning and governance processes in place to support Cyber Security NSW meet its objectives?
- Are Cyber Security NSW's roles and responsibilities defined and understood across the public sector?
What we found
Cyber Security NSW has a clear purpose that is in line with wider government policy and objectives. However, it does not clearly and consistently communicate its key objectives, with too few reliable and meaningful ways of measuring progress toward those objectives.
Cyber Security NSW does not provide adequate assurance of the cyber security maturity self assessments performed by NSW Government agencies. Department heads are accountable for ensuring their agency's compliance with NSW government policy.
Cyber Security NSW has a remit to assist local government to improve cyber resilience. However, it cannot mandate action and does not have a strategic approach guiding its efforts.
What we recommended
By 30 June 2023 the Department of Customer Service should:
- implement an approach that provides reasonable assurance that NSW government agencies are assessing and reporting their compliance with the NSW Government Cyber Security Policy in a manner that is consistent and accurate
- ensure that Cyber Security NSW has a strategic plan that clearly demonstrates how the functions and services provided by Cyber Security NSW contribute to meeting its purpose and achieving NSW government outcomes
- ensure that Cyber Security NSW has a detailed, complete and accessible catalogue of services available to agencies and councils
- develop a comprehensive engagement strategy and plan for the local government sector, including councils, government bodies, and other relevant stakeholders.
Please contact Ian Goodwin, Deputy Auditor-General on 9275 7347 or by email.