Dozens of NSW councils still without basic cyber security controls, audit finds

Before we start talking about all the nice shiny things (“Zero Tust”, I’m looking at you) how about getting the basics right…:

More than a third of local councils across NSW are still without basic internal controls and governance arrangements for cyber security, the state’s auditor-general has revealed.

In its annual audit of the local government sector, the NSW Audit Office found poor management of cyber security at 58 of the state’s 128 local councils, nine county councils and 13 joint organisations.

“Fifty-eight councils have yet to implement basic governance and internal controls to manage cyber security,” the report [pdf] released on Thursday said.

It said this included “a cyber security framework, policy and procedure, register or cyber incidents, penetration testing and training”.


Original article