Friday, April 6, 2012

Denver IT audit reveals City at risk for 7 years

Figure 4 - Equipment not protected from people or object
Dennis Gallagher, Denver's astute City Auditor, has opened the lid on Denver's seriously lacking Information Technology department. You can download the report here (pdf), or you can read it online here. Photos and quotes that follow are from the report.

...We found conditions indicating that the City has weak information security awareness and is lacking strong leadership and authority for information security governance.
As an illustration of this issue, for almost half of the eighteen sites we sampled throughout the City, we identified one or more of the following conditions:
- Network equipment is not physically protected from access by the general public
- Network equipment is mounted precariously or not protected from contact with people or objects
- The general public has inappropriate access to portions of the City’s internal data network
Door to equipment room open, no lock.
Additionally, we found the following conditions that inhibit the ability to ensure the confidentiality, integrity, and availability of City business systems:
- Network equipment is installed in environmentally harsh conditions without temperature monitoring or regulation, and subject to adverse and extreme temperature ranges
- Audible alarms signaling temperatures out of tolerance within equipment rooms are not monitored
- Computers are installed with access to sensitive networks in areas allowing direct physical access to hardware by prisoners incarcerated by the City and County of Denver
  - Prisoners are allowed physical access to alter computer configuration settings
  - Prisoners are allowed to make unauthorized access attempts to the Internet which results in continuous system maintenance and configuration corrections (emphasis added)
- Areas where network equipment is received, tested, and configured are open to the general public
- Network monitoring software is accessible by any internal user
- Wireless access points are not installed for optimal performance.

