In the past couple of years, the Australian National Audit Office (ANAO) has made a number of adverse findings on the cyber posture of the nation’s agencies and departments.
At the start of the year, ANAO said tight deadlines lead AEC to ditch security compliance, a decision rejected by the AEC, and last year, ANAO found the Australian Taxation Office and the then-Department of Immigration and Border Protection were lacking on the information security front.
However, freshly-minted director-general of the Australian Signals Directorate (ASD) Mike Burgess told Senate Estimates on Tuesday night that taking a checklist approach to security is not always a good approach.
“Compliance with a list is not by itself good security,” Burgess said. “There is no doubt [ANAO’s] findings are their findings, but from that you should not necessarily draw that the heads of those departments, the agency heads, are not taking their responsibilities seriously, and they do work hard to identify and manage their security risks.”
According to the ASD chief, the existence of…