Govt not effectively mitigating insider threats


By Dylan Bushell-Embling
Monday, 14 May, 2018


Govt not effectively mitigating insider threats

The Australian Government Security Vetting Agency (AGSVA) is not effectively mitigating the government's exposure to insider threats, a new audit has found.

An audit of the personnel security component of the government's Protective Security Policy Framework (PSPF) found that AGSVA has failed to implement the government's policy direction to share information with client entities on identified personnel security risks.

The audit, conducted by the Australian National Audit Office (ANAO), evaluated whether the AGSVA is providing effective security vetting services.

The audit also assessed the Attorney General's Department, the Digital Transformation Agency, ASIC, and the Australian Radiation Protection and Nuclear Safety Authority for compliance with the personnel security requirements of the framework, following 2014 reforms conducted in response to the previous audit.

None of the audited entities — including AGSVA — fully comply with all mandatory PSPF controls, the audit found.

Further, while AFSVA collects and analyses information regarding personnel security threats, it does not communicate this information to entities outside of its parent, the Department of Defence. The agency also does not use clearance maintenance requirements to minimise risks.

Since the prior audit, AGSVA's average timeframe for completing positive vetting clearances has increased significantly.

But the audit found that the agency has plans to implement a number of process improvements by adopting a new ICT system. The new system is expected to be fully operational in 2023.

The other audited entities also demonstrated mixed compliance with the PSPF personnel security requirements.

Some were only partially compliant with the requirement to ensure personnel have appropriate clearances, and none had fully implemented the requirements introduced in 2014 to manage the ongoing suitability of personnel.

Image credit: ©iStockphoto.com/Brian Jackson

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.

Related Articles

Adapting to new cybersecurity challenges: a roadmap for Australian government agencies

Given the rise in cyber threats against government networks and critical infrastructure sectors,...

Growing fraud trends in Australian health care

As the healthcare landscape evolves, so do the methods of fraud.

Overcoming the top cybersecurity challenges faced by public agencies

With a new cybersecurity strategy out and the right approach to key challenges, the public sector...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd