Highlights
Assessment Detail
This assessment is designed to assess students’ ability to apply theoretical learning to practical, real-world situations. In this assessment students are given an IT audit report conducted by the office of the Western Australian Auditor-General and are required to address the following:
Identify the audit focus and scope
Describe audit findings in the Department of Health
Describe audit findings in the Department of Mines, Industry Regulation and Safety
Describe audit findings in the Office of State Revenue
Describe audit findings in the Western Australian Electoral Commission
Describe audit findings in the KeyStart Housing Scheme Trust
Discuss the professional, legal, and ethical responsibilities of an IT Auditor.
In completing this assessment successfully, you will learn how to analyze an IT audit report and understand relevant legislation, generally accepted auditing standards and ISACA’s COBIT framework, which will help in achieving ULO-1, ULO-2, ULO-3, ULO-4, ULO-5, ULO-6, and ULO-7.
Auditor General’s overview
This is the tenth annual Information Systems Audit Report by my Office. The report summarises the results of the 2017 annual cycle of audits, plus an examination of passwords and application reviews completed by our Information Systems audit group since last year’s report.
The report is important because it reveals the common information system weaknesses we identified that can seriously affect the operations of government and potentially compromise sensitive information held by agencies. It also contains recommendations that address these common weaknesses and as such, has a use broader than just the agencies we audited.
Common weaknesses across all our information systems audits indicate agencies are not taking risks to information systems seriously enough. Most of the issues raised can be easily addressed and it appears that risks are simply not properly understood. They are certainly not being effectively managed.
The first section in my report shows that agency systems are vulnerable as a result of weak passwords. We have demonstrated to agencies on many occasions how weak passwords are used to access information systems without detection. A pressing issue that must be acknowledged and addressed across the sector is for agencies’ executive management to engage with information security, instead of regarding it as a matter for their IT departments. The days of senior leaders not understanding information security and capability as a key business risk to be closely monitored and appropriately managed are over. The consequences to state service delivery, trust in the sector and institutional reputations are too great.
Our application reviews show that agencies also need to take the initiative and perform their own reviews to identify critical controls, inefficiencies, and problems, and potential solutions. An analysis of people, process, technology and data relevant to key IT applications would help management identify and manage risks.
In the third section of this report, I have identified 2 agencies that have consistently demonstrated good system management controls. Our results show improvements were made in 2017 across most areas. However, information security and business continuity remain a concern with only half or less of agencies performing to the expected level.
Password Management in the WA State Government
Introduction
Western Australian government agencies collect and store a significant amount of sensitive and confidential information. The public rightly expects agencies to protect this information from unauthorised access. Effective management and use of passwords remains a vital part of information security. However, since 2004 our information systems audits have consistently raised issues around agency access controls, particularly passwords.
The objective of this audit was to determine if selected government agencies are using good practices to manage network passwords, to protect the information they hold.
Conclusion
Over one-quarter of the enabled network accounts we looked at had weak passwords at the time of the audit. In a number of instances, these accounts are used to access critical agency systems and information via remote access without any additional controls. Generally, agencies lacked technical controls to enforce good passwords across networks, applications and databases and did not have guidance about good practice for password management.
Background
Agencies have a diverse range of users, applications and services with different purposes and security requirements. These require different types of accounts or identities to access information from inside and outside agencies. For example:
Passwords are still the main control agencies use to protect information systems and are an important security mechanism for all account types. Good password management practices combine people, processes, and technology to secure the use and management of passwords. Creating complex, hard-to-guess passwords requires at least 3 of the following categories.