Break things, write reports

No one's doing Top 4

Alternatively: Everyone is saying they're doing it, most are lying

Tags — | commentary | Categories: — policy-induced-problems |
Posted at — Mar 22, 2021

The Australian National Audit Office (ANAO) recently published a paper titled Cyber Security Strategies of Non-Corporate Commonwealth Entities, available at https://www.anao.gov.au/work/performance-audit/cyber-security-strategies-non-corporate-commonwealth-entities.

If you’re in Australian Infosec, you’d know:

To no ones surprise, it turns out that it is not actually done properly, and is often reported inaccurately.

The findings were pretty savage and don’t need much other than to be quoted:

None of the seven selected entities examined have fully implemented all the mandatory Top Four mitigation strategies

Food for thought.