“Persistent optimism bias” in cybersecurity reporting by Commonwealth entities is muddying government oversight of the issues, with a parliamentary committee now calling for self-assessments to be subject to an external assurance process.
A Joint Committee of Public Accounts and Audit report, released on Thursday afternoon, called on the government to consider implementing “an assurance regime on agencies’ self-reporting to government on the cybersecurity aspects of the Protective Security Policy Framework (PSPF)”.
If not applied across the board, then the assurance process should apply on a risk basis to provide government with a more accurate description of cybersecurity capabilities across non-corporate Commonwealth entities.