ISA-2015-4660
This audit was conducted to assess IT security governance and management practices by the Department of Information Technology (Department) over the Executive Branch. This audit covered many key areas that are essential to ensuring proper IT security. Our audit revealed the Department does not have all governance and management activities in place to ensure effective oversight of Executive Branch IT security. Furthermore, the Department has deficiencies in its prevention, detection, and response processes to effectively protect government systems and data. Our audit also found a matter for further consideration, IT security laws in the state should be modernized. The State CIO generally agreed with our findings and recommendations. Details about each item are provided in the Findings and Recommendations section of the report.