An audit of Internet security within Federal Government agencies has found risk managed by IT staff in-house has proven more effective than those handled by external service providers.
The Australian National Audit Office (ANAO) report stated: "Agencies managing Internet security in-house demonstrated a more holistic and comprehensive approach to documenting plans and security strategies. Agencies outsourcing delivery of some elements of their Internet presence demonstrated a more fragmented, and often incomplete, set of planning documentation."
Testing was undertaken as part of the audit in conjunction with the Defence Signals Directorate (DSD) and revealed policy and procedures for the review of audit logs were "very poor". A full list of ANAO recommendations and a copy of the report is available at www.anao.gov.au.