Victorian Electoral Commission overhauls cyber following “damning” audit – Strategy – Projects – Security

In January 2018 the Victorian Electoral Fee received a “damning” audit of its cyber stability

In January 2018 the Victorian Electoral Fee received a “damning” audit of its cyber stability functions that highlighted 19 areas of concern and identified zero maturity towards the Australian Indicators Directorate’s Vital 8.

Due to the measurement and complexity of the get the job done that wanted to be finished in these kinds of a delicate spot, the VEC made the decision to husband or wife with Microsoft to tackle some of the additional urgent concerns.

The ensuing cyber stability system was developed with the acceptance that conference the Vital 8 wouldn’t be achievable in the small time period, somewhat, it serves as the basis for continued improvement with a focus on accomplishing the ASD’s Leading Four.

By early 2020, the system has served the fee create a sizeable and maintainable improvement in its stability posture by means of with ‘quick wins’ like superior management of stability updates, removing unsupported legacy functioning devices, and utilizing a revamped credential system.

The VEC also overhauled its catastrophe restoration and backup procedures even though re-inspecting its response options and stability controls to superior react to stability incidents.

Other small time period initiatives include additional clearly defining roles and responsibilities inside the fee about cyber and disabling macros, with very long time period preparing covering the development of a cyber stability roadmap with re-prioritised tips.

More broadly, the task was also involved about instilling a cultural modify and embedding fantastic stability tactics and governance into everything that the VEC IT team supply to stop a repeat of the commission’s audit effectiveness.

This task is a finalist in the Resilience class of the iTnews Benchmark Awards 2020.