My Department has not had a cybersecurity breach in the past 12 months.
In line with best practice my Department adopts a defence in depth approach to cybersecurity protection with a combination of technological controls and processes in place. These controls include policies and practices on system patching and upgrades, penetration testing of internet facing systems, and good practice least privileged access principles.
My Department recognises that ensuring the security of information and information systems is an ongoing process. This includes regular reviews of systems and practices and my Department has just concluded one such review of its security practices which will inform work in this area going forward. This work builds on existing initiatives which focus on ensuring continuity of ICT availability, on building good ICT security practice, and on building staff awareness of best practices approaches to ICT security.