Australia Post has been told to improve its cyber security practices after the national auditor found risk management gaps relating to two of its critical systems.
But two other corporate Commonwealth entities – the Reserve Bank of Australia and ASC – have been given largely a clean bill of health in an audit of cyber resilience.
The audit by the Australian National Audit Office (ANAO), released late on Thursday, examined the three entities based on a sample of their critical corporate platforms and systems.
This meant AusPost’s corporate data warehouse and eParcel applications, the RBA’s information and transfer system and ACS’s enterprise resource planning system.
However only AusPost was called out for “not effectively managed cyber security risks”, having not undertaken a “detailed security risk management assessment” on the two systems for two years.
One of the reasons for this result was that despite having a fit for purpose cyber security risk management framework, the government-owned corporation had “not met the requirements of its framework”.
The audit found only half of the ten sampled controls were designed and implemented as…
