Higher education providers in Western Australia are risking compromising their security by failing to tackle information systems issues, a report from the Auditor General has warned.
The report shows that 132 information control issues were identified at four universities and seven training providers in 2012, of which 52 were unresolved issues from previous audits. This is a considerable increase on the number identified in 2011, but the report notes that this is in part due to an increased focus on security issues in the audits.
The Auditor General says the outstanding issues include reporting and reviewing access privileges, backups and monitoring and logging use. The failure to address them is a concern as none of them would be expensive to resolve. “If not addressed, these issues have the potential to compromise the confidentiality, integrity and availability of computer systems,” the report warns.