❓ WA Parliamentary Question reveals penetration testing practices across various departments and agencies under the Minister's portfolio, highlighting inconsistencies in testing scope and frequency.
AnsweredQoN 3801Legislative Assembly
Asked
14 August 2018
Member
Portfolio
Mines and Petroleum; Commerce and Industrial Relations; Electoral Affairs; Asian Engagement
QuestionView source ↗
For all departments, agencies, government trading enterprises or boards within the Minister’s portfolio responsibilities, I ask since 11 March 2017: (a) Have any independent consultants or companies been engaged to run penetration or 'White Hat' tests on any internal or external network systems: (i) If so, what consultant or company was engaged and on what date; (ii) If so, did it include any social engineering or phishing tests; and (iii) If not, why not; and (b) Have any independent consultants or companies been engaged to run penetration or 'White Hat' tests on any websites: (i) If so, what consultant or company was engaged and on what date; and (ii) If so, what website (domain only) was tested?
AnswerView source ↗
Answered
9 October 2018
Responded by
Minister for Mines and Petroleum; Commerce and Industrial Relations; Electoral Affairs; Asian Engagement
Response time
12 days
Department of Mines, Industry Regulation and Safety:
(a) Yes
(i) Diamond Cyber engaged on 1 June 2017 and Office of the Auditor General engaged on 1 July 2018.
(ii) Yes
(iii) Not applicable
(b) No
(i) – (ii) Not applicable
Architects Board of WA:
(a) – (b) Board operates under DMIRS internal network system.
Building Services Board:
(a) – (b) Board operates under DMIRS internal network system.
Electrical Licensing Board:
(a) – (b) Board operates under DMIRS internal network system.
Plumbing Licensing Board:
(a) – (b) Board operates under DMIRS internal network system.
Mineral Research Institute WA:
(a) Yes
(i) ES2 engaged on 31 July 2018
(ii) Yes
(iii) Not applicable
(b) No
(i) - (ii) Not applicable
WA Industrial Relations Commission:
(a) Yes
(i) Stantons International Audit and Consulting Pty Ltd engaged on 21 March 2017 and 2000 Computers and Networks Pty Ltd engaged on 8 March 2018.
(ii) No
(iii) Outside scope of audit because Department has policies and procedures in place to mitigate the risk.
(b) Yes
(i) Stantons International Audit and Consulting Pty Ltd engaged on 21 March 2017.
(ii) wairc.wa.gov.au
dotr.wa.gov.au
imc.wa.gov.au
WorkCover WA:
(a) Yes
(i) Stantons International - contract awarded 11 January 2018
(ii) No
(iii) Social engineering and phishing risks always exist and WorkCover WA has controls in place to mitigate these risks.
(b) Yes
(i) Stantons International - contract awarded 1 February 2017 (in progress as at 11 March 2017).
(ii) workcover.wa.gov.au
Construction Industry Long Service Leave Payments Board (MyLeave):
(a) No
(i)-(iii) Not applicable
(b) No
(i)-(ii) Not applicable
WA Electoral Commission:
(a) No
(i)-(iii) Not applicable
(b) No
(i)-(ii) Not applicable
(a) Yes
(i) Diamond Cyber engaged on 1 June 2017 and Office of the Auditor General engaged on 1 July 2018.
(ii) Yes
(iii) Not applicable
(b) No
(i) – (ii) Not applicable
Architects Board of WA:
(a) – (b) Board operates under DMIRS internal network system.
Building Services Board:
(a) – (b) Board operates under DMIRS internal network system.
Electrical Licensing Board:
(a) – (b) Board operates under DMIRS internal network system.
Plumbing Licensing Board:
(a) – (b) Board operates under DMIRS internal network system.
Mineral Research Institute WA:
(a) Yes
(i) ES2 engaged on 31 July 2018
(ii) Yes
(iii) Not applicable
(b) No
(i) - (ii) Not applicable
WA Industrial Relations Commission:
(a) Yes
(i) Stantons International Audit and Consulting Pty Ltd engaged on 21 March 2017 and 2000 Computers and Networks Pty Ltd engaged on 8 March 2018.
(ii) No
(iii) Outside scope of audit because Department has policies and procedures in place to mitigate the risk.
(b) Yes
(i) Stantons International Audit and Consulting Pty Ltd engaged on 21 March 2017.
(ii) wairc.wa.gov.au
dotr.wa.gov.au
imc.wa.gov.au
WorkCover WA:
(a) Yes
(i) Stantons International - contract awarded 11 January 2018
(ii) No
(iii) Social engineering and phishing risks always exist and WorkCover WA has controls in place to mitigate these risks.
(b) Yes
(i) Stantons International - contract awarded 1 February 2017 (in progress as at 11 March 2017).
(ii) workcover.wa.gov.au
Construction Industry Long Service Leave Payments Board (MyLeave):
(a) No
(i)-(iii) Not applicable
(b) No
(i)-(ii) Not applicable
WA Electoral Commission:
(a) No
(i)-(iii) Not applicable
(b) No
(i)-(ii) Not applicable
Explore WA Government Data
Search the full archive in the free dashboard, or query programmatically via API.
Explore more
Government Gazette
Appointments, regulatory notices, planning changes.
Hansard
Debates, questions, speeches and sentiment.
Tabled Papers
Reports and documents tabled in Parliament.
Committees
Committee profiles and recent reports.
Regulations
Subsidiary legislation with filters and summaries.
Bills
Proposed laws and parliamentary progress.
Acts
Current WA legislation and summaries.
Explanatory Memoranda
Bills with EMs (text/PDF) available.
Members
MP profiles, party breakdown and rankings.
Pollie Rankings
Data-driven rankings across 19 categories.
Amendment Chains
Track how schemes and regulations evolve over time.