An information systems audit of 10 local governments in Western Australia has found all had “significant shortcomings” in their information security practices.
The inaugural review conducted by Office of the Auditor-General found only four entities demonstrated that they were effective or partially effective in at least half of the 14 areas of the security standard.
“In addition, the level of maturity for entities’ general computer controls was low, with no entity meeting our minimum capability benchmark across all control categories,” Auditor-General Caroline Spencer said last week.
Across the 10 entities, the audit identified 150 general computer control weaknesses with 13 rated as significant, 113 as moderate, and the rest as minor.
“All local government entities, including those not sampled in this audit, need to carefully consider the standards and the recommendations in this report to improve information security practices and protect the confidentiality, integrity and availability of information and systems,” Ms Spencer said.
The audit report can be read on the OAG’s homepage or downloaded.