Figures from the 2005 audit of security management of Internet security in Australian government agencies conducted by the Australian National Audit Office (ANAO) was released yesterday and found 31 specific risks as defined by the Defence Signals Directorate (DSD) in agency Web servers.

Three percent of risks were high level, 32 percent were medium level and 65 percent of risks were low level risks. The ANAO made 51 suggestions for improvements.

Alarmingly, the ANAO report also concluded the current level of Internet security in six government agencies was insufficient, and none of the agencies fully complied with the Protective Security Manual (PSM) and ACSI 33.

The PSM is a list of common standards for protective security for all Australian Government agencies and contractors with eight points including security policy and personnel security. ACSI 33, part of the PSM, breaks down risk management into five simple steps -- context, identifying, analyzing, assessing and developing a plan and is mandatory for all commonwealth agencies.

The audited agencies include Australian Customs Service (ACS) Australian Federal Police (AFP), Australian Radiation Protection and Nuclear Safety Agency (ARPANSA), Department of Education and Workplace Relations (DEWR), Department of Industry, Tourism and Resources (DITR) and Medicare Australia.