ANAO cyber review of Federal Government agencies

Products

Our cyber security products span from our next gen SIEM used in the most secure government and critical infrastructure environments, to automated cyber risk reporting applications for commercial and government organisations of all sizes.

Essential 8

Essential 8 Auditor

Essential 8 Scorecard

Cyber Resilience

SmartCheck

SIEM

For Enterprise

For MSSPs

For Government

SIEM FEATURES

Operational resilience

June 8, 2020

The 2019-20 ‘Interim Report on Key Financial Controls of Major Entities’ has been released. The Australian National Audit Office’s (ANAO) review focused on the financial and HR systems of eighteen Australian Government agencies.

The report revealed that only one of the eighteen agencies that were reviewed was rated as achieving and managing their cyber resilience to Essential Eight Maturity Level Three requirements. It also found that four agencies had incorrectly self-assessed, due to a poor understanding of their requirements.

Australian Government cyber resilience

The current Australian Government advice, recommendations and mandates associated with the Essential Eight Framework provide a clear target and benchmark for both government and non-government entities, in their pursuit of cyber maturity. However, having the knowledge, resources and time to operationalise the critical security controls, and then maintain them, is where the biggest challenge lies. In a dynamic threat environment, cyber security is an ongoing responsibility.

Self-assessment of security control performance can be subjective and unreliable. In 2019, ANAO reported that 29% of agencies audited were compliant with the Top Four security controls. Whereas 60% of self-assessments found themselves to be compliant. An objective and current measure of cyber maturity is key to maintaining your organisation’s cyber defences.

Establish and maintain Essential Eight controls over time

Security Audit Tool

Huntsman Security’s Essential 8 Auditor, a tool designed specifically to measure the implementation and operational effectiveness of the Essential Eight controls, was developed to support Australian entities and their requirement to implement and measure against the Essential Eight Framework.

An image showing the Essential 8 Auditor dashboard of security control performance metrics and maturity

Essential 8 Auditor – Security Control Summary Dashboard

The tool is self-install, and can be implemented and operated by IT staff. Data and evidence is collected from across the environment to produce outputs that include identification of areas of non-compliance, performance metrics and cyber maturity scores. Results are exportable, for inclusion in audit reports or for sharing with security team colleagues and wider business stakeholders locally and remotely.

You can watch a short (3.5 minutes) video overview of the Essential 8 Auditor here:

Uses for the Essential 8 Auditor

The Essential 8 Auditor can be used for a number of purposes:

Internally, to determine an objective measure of cyber risk exposure
Internally, forms the baseline for annual compliance reporting and Cyber Risk Attestations
Auditing tool for Security Consultants, Security Auditors and Risk & Compliance Managers

Find out more

If you would like to see a demonstration, discuss the solution’s capability further or find a reseller please contact us. Alternatively, you can visit the Essential 8 Auditor page here:

https://www.huntsmansecurity.com/products/essential-8-auditor/

5 Ways to Improve Security Assessments

Download the Guide

BLOG POSTS

Joint Advisories keep coming: Heads in the clouds

April 10, 2024

As predicted in early 2024 another joint advisory was recently released from the Five-eyes intelligence and cyber security community. This time the advice relates to governments and corporations moving to cloud infrastructure...

Operational Resilience – Your obligations and FCA PS21/3

March 18, 2024

Operational resilience requirements are being rolled out across the UK and beyond. UK finance firms are required to improve their operational resilience in accordance with Financial Conduct Authority (FCA) Policy Statement PS21/3 (the Policy).

Getting value from your cyber investments

February 5, 2024

A recent KPMG Report suggests that protecting against and dealing with cyber risks will be the major challenge for senior executives in 2024. It is clear that despite high levels of security investment, organisations continue to suffer from cyber attacks.

Agency resilience, compliance & reputation: a cyber governance perspective

January 31, 2024

The Australian Signals Directorate’s (ASD) recent publication of their Cyber Threat Report 2022-2023 unearthed a range of areas for concern for government departments and critical infrastructure entities at local, State and Federal level.

How to improve access to cyber insurance & re-insurance

October 13, 2023

As cyber risks increase, organisations are encountering the longer life cycle of insurance renewals and the need to demonstrate better management of security controls and their effectiveness.

A tale of two conferences

October 6, 2023

Highlights and insights from the recent Managed Services Summit in London & the ISACA Central Chapter Conference on Digital Trust, in Birmingham, UK. With two recent conferences in the space of three days, some interesting challenges were very evident in the topics discussed. Being very different events, the challenges were quite different, but interestingly they […]

2022’s least wanted: Rockstar vulnerabilities that should be has-beens

September 28, 2023

In early August 2023, the latest joint advisory on persistent vulnerabilities was issued by the intelligence and security agencies[1] of the “Five-eyes” community. These joint advisories are becoming more common. Perhaps recognising the growing importance of shared security information and the common nature of many of the threats faced – the weight they carry makes […]

Active management for operational and cyber resilience

September 27, 2023

The quality of your risk assessment and the security information it provides is important; if you plan to use it to actively manage your operational and cyber resilience activities. Organisations are constantly exposed to a rapidly changing threat environment, so you really need a similarly rapid evidence-based feedback system that informs you of the ongoing […]

Applying an Australian regulator’s cyber audit findings, in a UK context

September 26, 2023

The UK market has its own regulators, security standards and challenges. And while rulings from SEC in the US or the Australian Prudential Regulation Authority (APRA) in Australia don’t apply to UK companies, for the most part, the observations are undoubtedly relevant and the resulting advice instructive. It would be wrong to think UK financial […]

Cyber Gap Measurement & Evidence – The New Standard of Quantifiable Internal Assessment

September 18, 2023

<<< Part 2a: Australia’s Essential Eight: Beyond Endpoint Control <<< Part 2b: Activating UK NCSC & US NIST Guidelines: Beyond Endpoint Control Part 4: Systematic Measurement of Cyber Controls >>> As much as we invest into cyber security controls, external threats are inevitable. In a recent Notifiable Data Breaches Report from the Office of the […]

SIGN UP TO RECEIVE CYBER SECURITY INSIGHTS

Read by directors, executives, and security professionals globally, operating in the most complex of security environments.

Industries

Government

Financial Services

Critical Infrastructure

Health

Shipping, Freight & Logistics

Defence & Intelligence

A cyber-risk readiness checklist

Quick Links

About

Training & Support

Testimonials

Partners

News & Media

Events

Leadership Team

Careers