[LINK] Agencies' policies 'not up to scratch': consultant

[Bernard Robertson-Dunn]

Agencies' policies 'not up to scratch': consultant 
BY KELLY MILLS 
4 September, 2001 12:17
Sydney, Australia
http://computerworld.idg.com.au/idg2.nsf/All/4EF3FE60A3D88C8B4A256ABD000DCE0C!OpenDocument&NavArea=Home&SelectedCategoryName=News

As private enterprises struggle to meet the December 21 Privacy Legislation
deadline, Commonwealth agencies are floundering in their efforts to meet
their own privacy standards.

The agencies are required by the Protective Security Manual to consider the
security implications of their electronic information systems and to devise
policy and plans to ensure the systems are appropriately protected.

According to Andrew Bewick, federal business manager for security
consultancy 90East (Asia-Pacific), the whole psyche of security behaviour
within Commonwealth departments is "not up to scratch".

"There isn't any document control in many departments. The Defence
Department has been doing it well for decades, but the Australian Taxation
Office, for example, has employed thousands of new consultants to deal with
the implementation of the GST; how could all these staff be trained to
operate securely in such a short timeframe?

"[In addition] often the IT solution put in place [within a department]
does not correlate with the business processes. There is a lack of
understanding of the issues and focus of the core business. People just
think they will get someone in to put in the firewall, do the encryption,
but [the technology] is not being linked back to business processes."

-- 
It is no secret that organized crime in America takes in over forty billion
dollars a year. This is quite a profitable sum, especially when one
considers that the Mafia spends very little for office supplies.
-- Woody Allen

Regards
brd

Bernard Robertson-Dunn
Canberra Australia
brd@dynamite.com.au
brd@austarmetro.com.au