In January 2018 the Victorian Electoral Commission received a “damning” audit of its cyber protection operations that highlighted 19 locations of problem and found zero maturity versus the Australian Indicators Directorate’s Critical 8.
Owing to the sizing and complexity of the function that needed to be performed in such a sensitive region, the VEC decided to lover with Microsoft to tackle some of the far more urgent challenges.
The ensuing cyber protection platform was designed with the acceptance that meeting the Critical 8 wouldn’t be achievable in the small phrase, instead, it serves as the foundation for continued enhancement with a target on achieving the ASD’s Best Four.
By early 2020, the platform has served the fee set up a significant and maintainable enhancement in its protection posture through with ‘quick wins’ which includes improved management of protection updates, eradicating unsupported legacy functioning systems, and employing a revamped credential procedure.
The VEC also overhauled its disaster recovery and backup procedures when re-inspecting its reaction plans and protection controls to improved answer to protection incidents.
Other small phrase initiatives contain far more evidently defining roles and tasks in just the fee close to cyber and disabling macros, with extensive phrase planning covering the enhancement of a cyber protection roadmap with re-prioritised recommendations.
A lot more broadly, the job was also involved about instilling a cultural change and embedding great protection practices and governance into almost everything that the VEC IT team produce to avoid a repeat of the commission’s audit overall performance.
This job is a finalist in the Resilience class of the iTnews Benchmark Awards 2020.