GA office audit reveals need for improved cybersecurity training


BOSTON, Mass. (WWLP) – The State Auditor’s Office has released a report that recommends improvements to cybersecurity awareness training at the Attorney General’s Office (AGO).

Read the full audit report here.

A review of AGO’s information technology (IT) security practices found that not all AGO employees were invited or required to complete cybersecurity awareness training for part of the period. audit from July 1, 2018 to July 31, 2020. Employees hired after September 28, 2018 did not receive any training before June 30, 2020, when the agency implemented a new cybersecurity training system.

The audit notes that AGO’s transition to its new cybersecurity training system resulted in a period in which the office had no training system in place for employees. Since then, AGO has implemented the new system and updated its Cyber ​​Security Awareness Policy to ensure employees are trained.

“As the work of state government increasingly relies on technology and remote access, public employees need to be acutely aware of how to protect their cybersystems. Today’s audit shows that although there was a gap in training, the Attorney General’s office has taken the necessary steps to ensure that all of its employees complete the cybersecurity training program, ” said Auditor Bump. “I applaud the office for making these crucial improvements.

The Massachusetts Executive Office of Technology Services and Security requires all state employees working in executive agencies to participate in computer security training when hired and thereafter on an annual basis. The audit recommends that AGO ensure that initial cybersecurity awareness training takes place for new hires and that annual training is then available for existing employees. It also recommends that an interim training plan still be in place when the AGO may be in transition to a new training program.

Source link

Leave A Reply

Your email address will not be published.