WA govt agencies rack up more information system weaknesses

Government agencies in Western Australia are seemingly ignoring vulnerabilities in their information systems and the problem is getting worse, according to the state's Auditor General Colin Murphy.

Information systems are vital to government agencies, as they underpin just about everything they do, from operations to supply of services to the public. Ensuring the security and uptime of these systems is paramount for the WA government.

The information system auditing process involves looking at general computer controls that ensure effective processing of financial and key performance information for agencies.

In his annual financial audit results report (PDF), the number of information system control weaknesses found in WA government agencies jumped 15 percent year on year, from 246 to 282.

Of those weaknesses, 10 were rated as significant, and actually demanded immediate attention.

"[Disappointingly], the majority of information system control weaknesses are simple to fix with minimal effort and little expense," Murphy said in a statement. "Yet if left unresolved have the potential to compromise the confidentiality, integrity, and availability of computer systems and information."

In June, the WA auditor general's office released the results of an information systems audit on nine agencies (PDF), which assessed their IT and cybersecurity capabilities. The report found that the agencies could do more to strengthen controls related to "risk management, network security, policies, and overall security of their general computer systems.

The WA auditor general plans to bring out a more detailed report on its information system audits in early 2013.