The Department of Administrative Services (DAS) lacks basic cybersecurity safeguards, according to an audit report released today by Secretary of State Bev Clarno.
“The security of Oregon’s data is a serious issue,” said Secretary of State Bev Clarno. “DAS should take immediate action to address the findings outlined in this report.”
Auditors concluded the agency does not have a security management program that identifies necessary actions to ensure systems are appropriately secure and lacks basic foundational cybersecurity safeguards. This is due in large part to a fragmented organizational and governance structure, as well as numerous legacy applications within various business units. Additionally, the DAS CIO role lacks appropriate functional authority and staffing to carry out its official responsibilities and ensure consistent controls across these units. As a result, DAS systems and data may be at risk for unauthorized use, disclosure, or modification.
Read the full audit on the Secretary of State website.