Many Victorian public sector agencies are now using the internet to improve the community’s access to information and to deliver services to their customers. Their use of the internet for internal purposes also continues to grow. As it does, so does the need for effective internet security to provide a reliable and problem-free environment for users, and to safeguard agency data.
This guide, and the supporting check list, serves as a practical resource for chief information officers, business managers, information technology staff and audit committees, to help assess and improve their agency’s internet security practices.
The guide sets out the main issues that need to be considered when assessing the effectiveness of security over an internet system. It provides a starting point for a planned and structured approach, at an “overview” level, to such assessments. As agencies will have their own particular security needs and procedures, they should also consult with vendors, relevant regulatory bodies and information security organisations to obtain further information about the particular requirements of their specific systems.
This guide has been developed by the Victorian Auditor-General’s Office, drawing on work undertaken during recent audit examinations of internet security management across Victorian public sector agencies. Selected government departments and other agencies were also consulted during its development.
In producing the guide, we aim to raise awareness in all Victorian public sector agencies, including local government councils, of good practices to address internet security threats and risks. These practices should form part of the broader security arrangements over agency information technology (IT) systems, which should address both internal and external security threats and risks.
Download
No comments:
Post a Comment