A WA parliamentary question reveals which government agencies have conducted penetration testing on their networks and websites since March 2017, highlighting varying levels of security assessment and resource allocation across different departments.

QoN 3797, Legislative Assembly (Answered)
Asked: 14 August 2018
Portfolio: Attorney General

Question

For all departments, agencies, government trading enterprises or boards within the Minister’s portfolio responsibilities, I ask since 11 March 2017: (a) Have any independent consultants or companies been engaged to run penetration or 'White Hat' tests on any internal or external network systems: (i) If so, what consultant or company was engaged and on what date; (ii) If so, did it include any social engineering or phishing tests; and (iii) If not, why not; and (b) Have any independent consultants or companies been engaged to run penetration or 'White Hat' tests on any websites: (i) If so, what consultant or company was engaged and on what date; and (ii) If so, what website (domain only) was tested?

Answer

Answered: 20 September 2018
Response time: 11 days

The Corruption and Crime Commission:
(a)    Yes.
(i)  Asterisk, 24/2/2017.
(ii) No.
(iii) The Commission has numerous and adequate mitigation controls in place.
(b)   Yes.
(i)  Asterisk, quarterly from 24/2/2017.
(ii) ccc.wa.gov.au
The Department of Justice:
(a) Yes.
(i) Ernst and Young on 23 June 2017.
(ii) Yes.
(iii) Not applicable.
(b) Yes.
(i) DXC Technology on 14 June 2017.
(ii) https://ecourts.justice.wa.gov.au
Equal Opportunity Commission:
(a) Yes
(i) MM IT Consulting (WA) Pty Ltd in January 2018
(ii) No
(iii) The scope related to the testing of security around sensitive data and not social engineering and phishing
(b) No
(i) Not applicable
(ii) Not applicable
The Legal Practice Board will include the Legal Profession Complaints Committee (which is a Committee of the Board):
(a) No.
(i)-(iii) Not applicable.
(b) No.
(i)-(ii) Not applicable
Legal Aid Western Australia:
(a) No
(iii) Independent audits have been conducted on the solutions that provide security for Legal Aid WA internal and external network systems. These audits did not involve penetration or 'White Hat' tests
(b) No
Office of the Director of Public Prosecutions:
(a) The Office of the Director of Public Prosecutions (ODPP) has not engaged any consultant or company to run 'White Hat' penetration test on its internal network.
(i) - (ii) Not applicable.
(iii) The ODPP's external network is managed by the Department of Justice. As such, the ODPP does not have access to any of the external network equipment.
(b) The ODPP's external website is managed by the Department of Justice. Accordingly the ODPP does not have access to this server in order to run a penetration test.
(i) - (ii) Not applicable.
Office of the Information Commissioner:
(a) No.
(i)-(ii) Not applicable.
(iii) Lack of resources.
(b) No.
(i)-(ii) Not applicable
Office of the Commissioner for Children and Young People:
The Department of Justice will include CCYP in its response as they provide ICT services for CCYP.
State Solicitors Office, Solicitor General's Office:
Incorporated into the Department of Justice.
