A new report by Missouri State Auditor Scott Fitzpatrick calls for increased cybersecurity awareness and training for state employees. On Monday, Fitzpatrick released a report highlighting the need for the state to foster a security-aware culture that addresses cyber threats and teaches staff. “While rapid advances in technology have undoubtedly made government operations more efficient, they have also increased the risk of data breaches and other hacking efforts that could disrupt critical services,” Fitzpatrick said. “There has been a significant increase.” . “With tens of thousands of state employees using computers with Internet access on a daily basis, it is critical for states to make effective security awareness training an important part of their culture.” Audit The report focuses on fiscal year end. June 30, 2023, related to security awareness training for 18 state agencies overseen by the Executive Branch Information Technology Services Division (ITSD) and 16 state agencies that operate independently of ITSD. We have reviewed our policies and procedures. The report found that approximately 20% of employees did not attend security awareness training during the testing period, even though ITSD policy requires all employees using state-owned systems to attend monthly security awareness training. was not completed. The report recommends that ITSD update its security awareness training policies to mandate monitoring procedures. We also propose to clarify whether CEs can exempt certain employees from training requirements.
A new report by Missouri State Comptroller Scott Fitzpatrick says cybersecurity awareness and training for state employees needs to be increased.
Fitzpatrick released a report Monday highlighting the need for the state to foster a security-conscious culture that teaches employees how to deal with cyber threats and protect state resources.
“While there is no doubt that rapid advances in technology have enabled governments to operate more efficiently, they have also significantly increased the risk of data breaches and other hacking activities that could disrupt critical services. “We did,” Fitzpatrick said. “With tens of thousands of state employees using computers with Internet access on a daily basis, it is critical for states to make effective security awareness training an important part of their culture.”
The audit report focuses on the fiscal year ended June 30, 2023, and includes 18 state agencies overseen by the Executive Branch Information Technology Services Division (ITSD) and 16 independently operated state agencies. Reviewed state agency policies and procedures related to security awareness training. ITSD.
According to the report, approximately 20% of employees did not attend security awareness training during the testing period, despite ITSD policy requiring all employees using state-owned systems to attend monthly security awareness training. Turns out it wasn't completed.
The report recommends that ITSD update its security awareness training policy and mandate monitoring procedures for CE security awareness training to ensure the required training is completed.
We also propose to clarify whether CEs can waive training requirements for certain employees.
