​WA agencies reproached for weak application security

Four agencies had data validation, manual processing and information security weaknesses

Vulnerabilities with data access, software updates and passwords were found by WA Auditor General Colin Murphy in an application review of four agencies.

The audit assessed the Department of Attorney General’s (DotAG) Integrated Court Management System (ICMS), Legal Aid Commission WA’s LAW Office, the Department of Local Government and Communities' WA Seniors Card management system and the Drug and Alcohol Office of WA’s services information management system.

Murphy found that while all four applications were performing well, there were some weaknesses around data access and logging, software patching and updates, and general security practices in agency IT environments.

For example, it found that ICMS software updates released by the vendor to fix known security vulnerabilities had not been applied and that DotAG was not aware of this weakness.

“It is far easier for attackers to exploit systems that don’t have the latest software patches applied. This may allow attackers to gain unauthorised access to the system and/or information. An effective patching process that keeps software up to date is vital to help protect against cyber and other threats,” he said.

The audit also found that DotAG had not established database level auditing to track direct access and changes to ICMS information.

This means the department has no way of identifying any inappropriate database level access or modifications to ICMS information, said Murphy.

DotAG has agreed to make improvements to its security following the audit.

Turning to the Seniors Card management system, which contains details of 360,000 elderly people in WA, the audit found a range of control weaknesses.

“These weaknesses increases the risk of inappropriate access to and potential misuse of Seniors Card holder’s personal information and could expose seniors to fraudsters either online, by phone, mail or in person. Weaknesses in the eligibility assessment process means that ineligible persons could obtain a Seniors Card and receive payments and benefits for which they are not entitled,” he said.

However, the Department of Local Government and Communities is improving its management of the Seniors Card system. A review of the terms and conditions is underway to ensure that only eligible Seniors Card holders receive benefits.

Join the Computerworld newsletter!

Error: Please check your email address.

Tags securityWA Auditor General

More about Drug and Alcohol OfficeICMS

Show Comments