State IT Security

Performance Audits : Recent Reports : State IT Security

Opportunities to Improve State IT Security 2016 (pdf, 310kb)
November 2016
Summary: This performance audit looked for opportunities to strengthen information technology (IT) security controls at state agencies in Washington. Working with subject matter experts, we conducted security assessments of organizational IT infrastructure and applications at three state agencies. We also consulted with the state's Chief Information Security Officer at the Washington Technology Solutions (WaTech) Office of Cyber Security. The agencies we examined have taken significant measures to protect their IT systems from risk; where we identified ways to improve them, we communicated them directly to the agencies and to WaTech's Office of Cyber Security. However, to protect the state's IT systems from attack, our report does not include the agencies' names or detailed descriptions of our results.

Opportunities to Improve State IT Security (pdf, 1.4mb)
December 2014
Summary: While Washington has taken many measures to protect itself from cyber threats, this performance audit found opportunities to strengthen the state's information technology (IT) security posture to reduce the risk of hacking or other attacks. We found that the state's IT security standards align with leading practices, but we also found that agencies are not fully complying with all standards. Our compliance and application security testing found numerous issues at those agencies we tested, including significant discrepancies between agency-reported compliance with state standards and our own results. See multimedia materials here. Read the two-page summary (pdf, 100 kb) Read Appendix C additional materials (pdf, 292 kb)




  • Search Reports