Audit finds security holes in ACT finance systems

By on
Audit finds security holes in ACT finance systems

Recommends stronger passwords, audit trail.

The Australian Capital Territory's Audit Office has pointed out a number of weaknesses in the security and disaster recovery attributes of the Territory's critical finance systems.

The auditor's findings [PDF] come within a fortnight of the release of an ANAO audit of Federal Government systems which painted much the same picture.

Whilst highlighting significant improvements in some systems, the audit office found weaknesses that "can lead to a higher risk of inappropriate or fraudulent access to computer information systems and unauthorised changes to applications and data."

The auditor found weaknesses in four of the eight key financial systems running the ACT Government - the Territory Revenue System (the IT system used by the Department of Treasury to record taxes, fees and fines), the MAZE schools administration system, Homenet (the IT used to record and manage information on Housing ACT's housing services) and Rego.act (the IT system used to process motor vehicle registrations, drivers' licenses and related infringements).

In particular, the auditor found that security controls around user access for Homenet and Rego.act and backup and recovery procedures for Homenet and Territory Revenue System needed to improve.

It found five users with inappropriate access to the Oracle database holding Homenet data. Housing ACT responded that Homenet 5, introduced in April 2010, would address this issue.

The auditor also noted that audit logs of changes to most of the territory's applications and data were not being reviewed.

"This exposes agencies to a higher risk of inappropriate or fraudulent changes to applications and data," it noted.

It also found The Territory Revenue System did not lock accounts to prevent access after a specified number of logon attempts, and that no mechanism ensured passwords were sufficiently complex to minimise the risk of being compromised.

ACT Treasury agreed with the audit findings and said that it intended to address the identified control weaknesses during an upgrade to the Territory Revenue System in late 2011.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
accessactauditdisaster recoveryfinancelogsmazeoraclesecurity

Sponsored Whitepapers

Responding To Industry Trends And Our 5m+ Users
Responding To Industry Trends And Our 5m+ Users
The Future of Digital Identity in Government
The Future of Digital Identity in Government
Secure Public Services for Every Australian
Secure Public Services for Every Australian
7½ Questions for Aged Care's Digital Decisions
7½ Questions for Aged Care's Digital Decisions
Creating the Sustainable IT Department
Creating the Sustainable IT Department

Most Read Articles

Australia appoints first cyber security coordinator

Australia appoints first cyber security coordinator
Apple rushes out patches for exploited zero day bugs

Apple rushes out patches for exploited zero day bugs
Perpetual 'extended outage' caused by security incident at third-party

Perpetual 'extended outage' caused by security incident at third-party
Exploit emerges for Cisco VPN client vulnerability

Exploit emerges for Cisco VPN client vulnerability

Digital Nation

COVER STORY: The opportunities and risks of cybersecurity insurance in Australia
COVER STORY: The opportunities and risks of cybersecurity insurance in Australia
DeepAI founder on the risks of artificial intelligence
DeepAI founder on the risks of artificial intelligence
Health tech startup Kismet raises $4m in pre-seed funding
Health tech startup Kismet raises $4m in pre-seed funding
How eBay uses interaction analytics to improve CX
How eBay uses interaction analytics to improve CX
More than half of loyalty members concerned about their data
More than half of loyalty members concerned about their data

Log In

  |  Forgot your password?