❓ A WA parliamentary question regarding penetration testing ('White Hat') of network systems and websites within the Seniors and Ageing; Volunteering; Sport and Recreation portfolio. Reveals varying levels of testing and security awareness across different agencies.
AnsweredQoN 3798Legislative Assembly
Asked
14 August 2018
Member
Portfolio
Seniors and Ageing; Volunteering; Sport and Recreation
QuestionView source ↗
For all departments, agencies, government trading enterprises or boards within the Minister’s portfolio responsibilities, I ask since 11 March 2017: (a) Have any independent consultants or companies been engaged to run penetration or 'White Hat' tests on any internal or external network systems: (i) If so, what consultant or company was engaged and on what date; (ii) If so, did it include any social engineering or phishing tests; and (iii) If not, why not; and (b) Have any independent consultants or companies been engaged to run penetration or 'White Hat' tests on any websites: (i) If so, what consultant or company was engaged and on what date; and (ii) If so, what website (domain only) was tested?
AnswerView source ↗
Answered
18 September 2018
Responded by
Minister for Seniors and Ageing; Volunteering; Sport and Recreation
Response time
9 days
Department of Communities/Former Department of Local Government and Communities
Please refer to Legislative Assembly Question on Notice no 3804.
Sport and Recreation (WA)
Please refer to Legislative Assembly Question on Notice no 3796.
Former Department of Sport and Recreation
(a-b) No specific penetration testing was undertaken during the 11 March 2017 to 30 June 2017 period by the Department of Sport and Recreation. Testing was undertaken in July 2017 by the new Department of Local Government, Sport and Cultural Industries which incorporates the former Department of Sport and Recreation.
WAIS
(a) No
(i-ii) Not applicable
(iii) Not cost effective and risk is considered low.
(b) No
(i-ii) Not applicable
VenuesWest
(a) Yes
(i) Asterisk Information Security – June 2018
(ii) No
(iii) As this was the first test of systems, the purpose was to baseline. Additional testing with social engineering will be carried out in Q3 FY2018-19.
(b) Yes
(i) Asterisk Information Security – June 2018
(ii) Mypay.venueswest.wa.gov.au; Building Management System (No Domain - IP address Only)
Combat Sports Commission
(a) Yes
(i) Aterick - 11/07/2017
(ii) No
(iii) The focus of the assessment was a general health check for all ICT infrastructure and systems that DLGSC inherited as a result of Machinery of Government changes.
(b) No
(i-ii) Not applicable
Please refer to Legislative Assembly Question on Notice no 3804.
Sport and Recreation (WA)
Please refer to Legislative Assembly Question on Notice no 3796.
Former Department of Sport and Recreation
(a-b) No specific penetration testing was undertaken during the 11 March 2017 to 30 June 2017 period by the Department of Sport and Recreation. Testing was undertaken in July 2017 by the new Department of Local Government, Sport and Cultural Industries which incorporates the former Department of Sport and Recreation.
WAIS
(a) No
(i-ii) Not applicable
(iii) Not cost effective and risk is considered low.
(b) No
(i-ii) Not applicable
VenuesWest
(a) Yes
(i) Asterisk Information Security – June 2018
(ii) No
(iii) As this was the first test of systems, the purpose was to baseline. Additional testing with social engineering will be carried out in Q3 FY2018-19.
(b) Yes
(i) Asterisk Information Security – June 2018
(ii) Mypay.venueswest.wa.gov.au; Building Management System (No Domain - IP address Only)
Combat Sports Commission
(a) Yes
(i) Aterick - 11/07/2017
(ii) No
(iii) The focus of the assessment was a general health check for all ICT infrastructure and systems that DLGSC inherited as a result of Machinery of Government changes.
(b) No
(i-ii) Not applicable
Explore WA Government Data
Search the full archive in the free dashboard, or query programmatically via API.
Explore more
Government Gazette
Appointments, regulatory notices, planning changes.
Hansard
Debates, questions, speeches and sentiment.
Tabled Papers
Reports and documents tabled in Parliament.
Committees
Committee profiles and recent reports.
Regulations
Subsidiary legislation with filters and summaries.
Bills
Proposed laws and parliamentary progress.
Acts
Current WA legislation and summaries.
Explanatory Memoranda
Bills with EMs (text/PDF) available.
Members
MP profiles, party breakdown and rankings.
Pollie Rankings
Data-driven rankings across 19 categories.
Amendment Chains
Track how schemes and regulations evolve over time.