Published on July 20th, 2022 📆 | 2177 Views ⚑
0Oregon Secretary of State audit finds gaps in Department of Corrections cybersecurity
The Secretary of State's Office said inmates' personal data could be at risk
PORTLAND, Ore. (KOIN) ā The Oregon Department of Corrections could do more to protect against cybersecurity threats, the Oregon Secretary of Stateās Office said in an audit report released Wednesday.Ā
The Secretary of Stateās Office said this is the eighth report in a series of cybersecurity audits itās conducted and that while the DOC has partially implemented 16 of the 17 Center for Internet Security controls, it could not be sure that all controls were fully in place.Ā
The things the Secretary of Stateās Office is concerned about include safeguards in data management, configuration management, vulnerability management and malware defense. The audit also found gaps in training, specifically role-based training, and said this may be the cause for some of the identified deficiencies.Ā
The cybersecurity audits evaluate IT security risks and provide a high-level view of an agencyās current state. Auditors use the Center for Internet Securityās controls, a prioritized list of defensive actions that give a framework for agencies and businesses to improve their cyber defense, as criteria.Ā
The Secretary of Stateās Office said there have been cybersecurity breaches at Oregon state agencies in the past and the threat of these attacks puts the data the DOC collects on adults in custody at risk.Ā
If the state IT network is ever compromised, operations in other state agencies could also be impacted.Ā
āThe security of Oregonās information resources should be a top priority of all state agencies,ā said Secretary of State Shemia Fagan. āMy mission as Secretary of State is to build trust between Oregonians and their state government. Agencies and service providers must work together to address the findings outlined in our cybersecurity reports because a lapse in security can quickly erode the publicās trust.āĀ
Faganās office said state agencies consistently have gaps in inventory practices. Without strong inventory controls, agencies canāt ensure that all their technology assets are protected and monitored, auditors said.Ā
DOC management agreed with all the recommendations in the audit.Ā The full audit report is available to read online. However, the report states that based on the sensitive nature of its findings, some details have been excluded from the public.
Gloss