Sunday, January 17, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

WA Auditor reveals ‘concerning’ security practices within state Registry System

November 26, 2020
in Internet Security
Protections for ‘revenge porn’ victims enter NSW Parliament
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

The Auditor General of Western Australia has labelled the security controls in place within one system administered by the Department of Justice as “so concerning they were not tabled as part of the office’s annual information systems report in May 2019 as planned”. 

The auditor’s 11th annual Information Systems Audit Report was tabled in May 2019 and contained the results of the 2018 annual cycle of information systems audits.

You might also like

DuckDuckGo surpasses 100 million daily search queries for the first time

Xayn introduces user-friendly and privacy-protecting web search

NSA warns against using DoH inside enterprise networks

In addition to those that were published at the time, the audit was also performed on the Western Australian Registry System, used by the Registry of Births, Deaths and Marriages, which is a division of the WA Department of Justice.

“The results of the audit were so concerning that, in a highly unusual step and in accordance with sections 7(6) and 25(1) of the Auditor General Act 2006, I decided not to include the results of this application controls audit in the May 2019 report to Parliament,” Auditor General Caroline Spencer wrote in a report [PDF] published Thursday.

“I considered that publishing the significant findings at that time, when the system vulnerabilities still existed, would not be in the public interest.”

Spencer said it’s a frequent occurrence for her office to find weaknesses in public sector entities’ systems, but said the nature of the data in the Western Australian Registry System, and what it can potentially be used for, rendered the findings in her report “particularly concerning”.

The system contains valuable records that are used to confirm people’s identity. It registers all adoptions, births, deaths, marriages, and change of name events in the state. In 2019, it was found the system was not adequately protecting the confidentiality and integrity of that information housed within it.

“Highly confidential and foundational information was at risk of unauthorised access, alteration, and disclosure due to inadequate database controls, security vulnerabilities, and insufficient monitoring of changes to critical information,” the report said.

It added that insufficient disaster recovery planning also meant the system was at risk of not being recovered in a timely manner in the event of a disruptive incident.

The audit in 2019 found the department did not appropriately monitor access to information, nor changes made. There was also 11 third-party vendor staff that had full access to the database and could make changes to information, such as names and life events.

“The registry would not know if vendor staff had inappropriately accessed or changed information as there was no logging or auditing of the database,” the report said.

“Our follow-up audit in 2020 identified that the department has reduced the number of staff with full access to the database and developed a process to monitor key changes made to information in the database.”

The security of electronic records needed improvement, the Auditor General said. The report said the confidential information within the system is not protected through encryption, nor is it masked in test environments.

Security weaknesses identified in 2019 included insecure databases, weak passwords, and unprotected personal information, which allowed for replication.

“Our 2019 audit found that the system was not adequately protected from the threat of cyberattacks,” the report noted, adding the department has since undertaken significant work to improve its vulnerability management capabilities.

The Auditor General made a handful of recommendations, with four to be completed by June 2021, another by December 2021, and the final one, regarding the actual change of name process, is awaiting legislation to pass before it can be implemented.

“Significant work has been undertaken to improve the department’s vulnerability management capabilities and database security controls have been incorporated into the ICT Governance Framework to ensure ongoing review and enhancement,” Justice wrote in response.

It said it has also developed an audit process to monitor key changes made to information in the database.

MORE FROM THE WEST

Credit: Zdnet

Previous Post

Interpol Arrest 3 Nigerian BEC Scammers For Targeting Over 50,000 Entities

Next Post

How AI- and Machine Learning (ML)-based solutions can be used to restore ancient cave murals

Related Posts

DuckDuckGo surpasses 100 million daily search queries for the first time
Internet Security

DuckDuckGo surpasses 100 million daily search queries for the first time

January 17, 2021
Xayn introduces user-friendly and privacy-protecting web search
Internet Security

Xayn introduces user-friendly and privacy-protecting web search

January 16, 2021
NSA warns against using DoH inside enterprise networks
Internet Security

NSA warns against using DoH inside enterprise networks

January 16, 2021
Joker’s Stash, the internet’s largest carding forum, is shutting down
Internet Security

Joker’s Stash, the internet’s largest carding forum, is shutting down

January 16, 2021
Iconic BugTraq security mailing list shuts down after 27 years
Internet Security

Iconic BugTraq security mailing list shuts down after 27 years

January 16, 2021
Next Post
How AI- and Machine Learning (ML)-based solutions can be used to restore ancient cave murals

How AI- and Machine Learning (ML)-based solutions can be used to restore ancient cave murals

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

DuckDuckGo surpasses 100 million daily search queries for the first time
Internet Security

DuckDuckGo surpasses 100 million daily search queries for the first time

January 17, 2021
Automated Data Science and Machine Learning Platforms Market Comprehensive Analysis, Share, Growth Forecast from 2020 to 2025
Machine Learning

Automated Data Science and Machine Learning Platforms Market Comprehensive Analysis, Share, Growth Forecast from 2020 to 2025

January 17, 2021
Xayn introduces user-friendly and privacy-protecting web search
Internet Security

Xayn introduces user-friendly and privacy-protecting web search

January 16, 2021
WhatsApp Delays Controversial ‘Data-Sharing’ Privacy Policy Update By 3 Months
Internet Privacy

WhatsApp Delays Controversial ‘Data-Sharing’ Privacy Policy Update By 3 Months

January 16, 2021
NSA warns against using DoH inside enterprise networks
Internet Security

NSA warns against using DoH inside enterprise networks

January 16, 2021
NSA Suggests Enterprises Use ‘Designated’ DNS-over-HTTPS’ Resolvers
Internet Privacy

NSA Suggests Enterprises Use ‘Designated’ DNS-over-HTTPS’ Resolvers

January 16, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • DuckDuckGo surpasses 100 million daily search queries for the first time January 17, 2021
  • Automated Data Science and Machine Learning Platforms Market Comprehensive Analysis, Share, Growth Forecast from 2020 to 2025 January 17, 2021
  • Xayn introduces user-friendly and privacy-protecting web search January 16, 2021
  • WhatsApp Delays Controversial ‘Data-Sharing’ Privacy Policy Update By 3 Months January 16, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates