The NSW Audit Office has recognised the importance of keeping data of customers and staff safe and embarked on improving its cyber security prioritising it under its Technology and Process Innovation strategic initiative.
“The Audit Office recognised the risk ‘We lose confidential information (including client and personal staff information) resulting in legal or regulatory breaches, or reputational damage’ as our highest priority strategic risk,” it said in its Annual Report 2018-19.
It also stated that “significant steps” were taken to enhance its cyber security as part of its plan to move from a reactive to defensive cyber security stance.
Some of the actions taken by the NSW Audit Office include the roll out of multi-factor authentication (MFA), advanced identity and device management systems, multiple disaster recovery and penetration tests and full re-certification of compliance with ISO27001.
Other actions include a full technology policy refresh, the delivery of mandatory cyber security classroom training for all staff and had guest cyber experts speak at one of its all-staff…
