FOR IMMEDIATE RELEASE: December 8, 2014
DENVER, Colo.—The Governor’s Office of Information Technology (OIT) had an opportunity today to address findings from an information security audit completed earlier this year by the Colorado Office of the State Auditor.
At a hearing before the Colorado Legislative Audit Committee, leadership from OIT shared the organization’s efforts in recent years and months to mature the cyber security program, including the updating of security policies and procedures. The OSA audit recommended in part that OIT:
Continue efforts to consolidate IT processes and services, update security policies and train staff to adhere to policies Work with agencies to develop, update and test disaster recovery plans for the IT systems reviewed by the OSA. Improve access control on various applications
OIT Chief Information Security Officer Debbi Blyth says, “We would like to thank the Office of the State Auditor for its work. We viewed this as a very valuable opportunity to have our environment assessed, and we cooperated fully and allowed access into our systems to ensure this effort produced meaningful results. We are happy to say that OIT has already made significant progress addressing many of the audit findings.” Blyth adds, “We are also updating our Colorado Information Security Policies so they reflect best practices for our IT security training programs going forward.” Those policies will be published in January 2015.
In addition, OIT is formulating a disaster recovery plan for one of the applications identified in the audit and will create a testing strategy as well as schedule regular disaster recovery plan maintenance. Blyth says, “Some of this work may involve additional funds, but we are committed to helping our agency customers find the best and most affordable solutions.”
Historically, OIT safeguarded the state’s IT systems with an annual security operating budget of just $6000. In 2014, for the first time, IT security spend reached $5.2 million dollars, or 1.19% of the total IT spent for OIT. Typically, organizations spend 6%-8% of their IT budgets on security*.
Colorado’s Secretary of Technology and Chief Information Officer, Suma Nallapati, says, “We take our stewardship of the state’s information very seriously. I am grateful for the OSA’s audit, because it helps us improve our work for the citizens of Colorado.”
More information about the audit report can be found by contacting the Office of the State Auditor at www.state.co.us/auditor.
Tauna Lockhart, Chief Communications Officer & PIO