Victoria Police's Case Management and Intelligence Management System

A high level compliance review of Victoria Police's Case Management and Intelligence Management System, Interpose, was undertaken in order to identify areas of information security risk and non-compliance with CLEDS Standards.

Interpose is Victoria Police's principal database used for collecting and analysing intelligence. It contains information relating to ongoing investigations, intelligence reports and sensitive data about individuals - some of whom have committed crimes and others who have not. Interpose has approximately 4500 users.

This review contains mostly sensitive information regarding the methods and procedures used by Victoria Police in undertaking their functions. It highlights significant security flaws in Victoria Polices' primary intelligence database. As such the report has been classified Security- In-Confidence and therefore must be handled in accordance with the rules that apply to this security classification.

Overall, the way in which Victoria Police manage the security of its principal intelligence database fails to comply with the CLEDS Standards.

The most significant information security deficiencies and failures to comply with CLEDS Standards were found in relation to:
" Threat and risk assessments (Standard 25);
" Security classification (Standards 27-28);
" Cryptographic Controls (Standard 23);
" Logging and audit (Standard 10);
" Generic user accounts (Standard 9, Protocol 9.4); and
" Business continuity and disaster recovery (Standards 34-35).