CDR-API-Stream
commented
8 months ago The UNSW Reports have been published and can be found in the original post.
A video summarising the Reports can be found here.
Closed CDR-API-Stream closed 4 months ago
CDR-API-Stream
commented
8 months ago The UNSW Reports have been published and can be found in the original post.
A video summarising the Reports can be found here.
In 2022, the Data Standards Chair (Chair) commissioned the University of New South Wales (UNSW) to provide two reports to him about cyber security issues related to the CDR and, in particular, the Data Standards:
The scope of both papers was developed in early 2022 through consultation with Treasury, the OAIC and the ACCC.
The final Cyber Threats report was accepted and circulated to CDR agencies in October 2022; and was used extensively in consideration of the public data breaches occurring at the time, and the CDR’s cyber security posture. The final Risk report was accepted in May 2023, after minor edits. The Chair thanks the UNSW team for their expertise and work that has progressed the CDR’s understanding and mitigation of key risks.
In reading the reports, it should be noted that they were drafted based on information then publicly available in 2022. This means UNSW was not provided with Treasury’s Risk Management Framework, which is now currently being used. Additionally, UNSW’s analysis was conducted under a prior version of the Commonwealth’s Risk Management Policy.
Since undertaking this work, the Treasury has undertaken a consultation on screen scraping policy and regulatory implications which sought to compare data accessed through screen scraping with the CDR. UNSW was not asked to compare or contrast the risks of screen-scraping against the CDR and consequently, these reports should not be considered as an evaluation of the CDR; nor an assessment of respective pros or cons of either policy setting.
Noting Paper 330 UNSW Reports