During 2010-11 we released our security framework - covering all security functions and defining our security principles, priorities and strategies. We also published updated policies on information security and participated in whole-of-government policy processes for improving security outcomes in all government agencies.
We strengthened our information security practices relating to data transfers, storage of classified information and email security and implemented recommendations from an independent information security review.
We have also developed tools to monitor and manage information technology security risks in a timely manner. To ensure we safeguard and manage security risks effectively we conducted ongoing activities, including monitoring 100% of outbound emails, phishing scams and internet usage.
We also established a framework for accrediting the security of information technology and commenced the accreditation process for five of our priority critical systems.
Top honours for our information security
This year we received recognition for our focus on fraud and unusual cyber crime targeting Australians.
We took out top honours, winning the 'Organisational excellence in information security' category at the AusCERT conference.
AusCERT is Australia's leading computer emergency response team. It provides a coordination role for handling computer security incidents between affected parties, for the benefit of Australian networks.
AusCERT considered organisations that had made the greatest overall contribution to information security. Our recognition came for the work of our Vulnerability Management and Research team through its threat intelligence capability's focus on fraud and unusual cyber crime targeting Australians.
We worked with a number of other agencies to identify scams aimed at Australians and analysed the many new phishing techniques used in the Australian and global environment. AusCERT stated, 'much of this work goes on behind the scenes and is very much unnoticed by the community'.