National eSecurity Review

The Attorney-General’s department is open for submissions (closing 2008-07-31) about Australia’s eSecurity.

Details at http://www.ag.gov.au/esecurityreview, with email submissions to e-securityreview@ag.gov.au

Here are snippets from the discussion paper and terms of reference:

… the review encourages you to consider the role of the following key enablers:

  • Supporting policies, procedures and technical standards
  • Education, training and awareness raising
  • Information sharing, including international cooperation
  • Ongoing testing, evaluation and exercises
  • Research and development
  • Legal and law enforcement
  • Physical, administrative and personnel security

You do not need to address all the areas listed above in your submission and you may comment on any other issues that you consider relevant to the terms of reference. The following questions may also assist you in writing your submission:

  • What do you see as being Australia’s top three e-security priorities?
  • What do you believe are the respective roles and responsibilities of government (including State/Territory and local), industry and home users in addressing e-security issues?
  • In what ways could Australia better protect itself against e-security threats and vulnerabilities?
  • What do you consider to be your role in e-security in Australia?

My initial thoughts are…

  • All tenders must explicitly state DSD-ACSI-33 (and the appropriate level) as a requirement.
  • DSD to audit requirements documents and be involved in testing for any system nominated as relating to national security, or widely used within government (e.g. databases accessed by more than one agency).
  • No system interfacing with critical infrastructure or central authorization/authentication systems to go into production unless DSD gives it a big tick (including things like backup/restore procedures and patch management plans).
  • All third-party systems (e.g. those employment services providers that work on behalf of Centrelink) are audited and reviewed just as much as systems running inside government agencies.
  • IT security officers within agencies to have the right to veto new systems going into production.

Big hint — keep operating systems and application systems known to have ever-present security problems out of government… (and this will also improve our trade balance, because of all the money we’ll save by avoiding Microsoft products).
