​Information security remains a challenge for NSW universities: Auditor-General

NSW Auditor-General Margaret Crawford has warned that the state's universities are at risk of security attacks, data integrity issues, fraud, and identify theft.

New South Wales Auditor-General Margaret Crawford has expressed disappointment in the state's universities for the lack of effort they have put into improving the level of IT security.

"It is again disappointing that many of these issues were raised in 2014 and one third still remain unresolved," Crawford said in the latest financial audit of NSW universities.

She said that due to the lack of effort, NSW universities are at risk of security attacks, data integrity issues, fraud, and identify theft.

The audit revealed that information security issues made up 91 percent of all IT issues identified and reported to management during the 2015 university audit, with 53 percent having been reported in the prior year and 54 percent being repeat issues.

The main area of concern, according to the report, is user administration, which accounted for 59 percent of all information security issues. The report identified that they were mainly related to the absence of or weak processes surrounding user access reviews, and delayed termination of user access to systems.

Other information security related issues that were identified in the audit included password parameters, privileged access, and security policies.

The auditor-general has recommended for the management of user administration processes be strengthened to prevent inappropriate access to financial information.