Murdoch University named in ‘concerning’ data security report by Auditor-General

1

Madura McCormack

Western Australia’s auditor-general, Colin Murphy, released a report today detailing concerns about the security of sensitive information stored by agencies.

Murdoch University was one of the seven agencies involved in the audit, which also includes Curtin University and the Legal Aid Commission of WA among others.

Murdoch University makes up 31 of the 115 failures logged in the report, seven of them extreme.

“Most concerning was that we continue to find weak controls in some basic, easy to fix areas such as passwords, patching and setting of user privileges,” says Mr. Murphy of the seven agencies.

Three of the university’s databases were tested, including Murdoch Finance, Murdoch Student Admin and Murdoch Human Resources.

Chart shows the number and severity of the findings per agency database. Source: Auditor-General report, 5 Nov.

Chart shows the
number and severity of the findings per agency database. Source: Auditor-General report, 5 Nov.

At one unspecified agency, the auditors managed to compromise two accounts and browse highly confidential and sensitive records on individuals including minors, the report said.

The same process was performed a week later, only to find that appropriate action had not been taken by the agency.

The Auditor-General’s report also identified accounts at agencies with passwords such as ‘test’ and ‘password1’.

University response

In response to the findings presented to Murdoch University, the institute has ‘engaged the services of an independent technical consultant’, it says in the report.

“Some of the actions have been completed, including the acquisition of a comprehensive password management system,” Murdoch University said in the report.

“Many of the remaining actions require specialist technical skills which are being sought.”

Here’s another time Murdoch University IT has been sketchy.

READ MORE: Poor State Government data security putting confidential information at risk, reports finds// ABC

One comment on “Murdoch University named in ‘concerning’ data security report by Auditor-General

  1. bethia92 says:

    It is really fantastic to have this stuff reported. Thank you

    Like

Leave a Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s