You Are Here : Home / Government/ Agencies, Departments, and Offices / Auditor's Office / Audit Services / Audit Reports / Cybersecurity: Asset Management Follow-up

Cybersecurity: Asset Management Follow-up

Hacker in a hooded sweatshirt looking at a laptop with a padlock on top of the image.

Overview

In June 2021, third-party firm CP Cyber and our audit staff completed a cybersecurity assessment related to asset management. The original report gave a general overview of asset management.

After following up, we found some areas of strength and some areas that still need improvement. Because of the information security sensitivities involved with this cybersecurity assessment, we communicated these issues directly with the relevant city agencies for remediation.

Background

Cybersecurity begins with knowing what assets are owned and managed by an organization. Information technology assets can take many forms — from traditional computer workstations to servers, where each asset has a name and an IP address.

Many cybersecurity-related risks can be traced back to poor asset management. Unknown devices on a network will not receive updates or patches — leaving the devices vulnerable to unwanted exposure to malware or hacking attacks.

Information technology administrators cannot expect to securely maintain their assets if they do not have proper asset management. For this reason, many leading practices list asset management as the first step in a cybersecurity strategy.

Auditor's Letter

October 6, 2022

In keeping with generally accepted government auditing standards and Auditor’s Office policy, as authorized by city ordinance, we have a responsibility to monitor and follow up on audit recommendations to ensure city agencies address audit findings through appropriate corrective action and to aid us in planning future audits.

After following up on the “Cybersecurity: Asset Management” assessment report completed with CP Cyber and issued in June 2021, we found some areas of strength and some areas that still need improvement. Because of the information security sensitivities involved with this cybersecurity assessment, we communicated these issues directly with the relevant city agencies for remediation.

We appreciate the city leaders and team members who shared their time and knowledge with us and CP Cyber throughout the assessment and the follow-up process. Please contact me at 720-913-5000 with any questions.

Denver Auditor

Timothy O'Brien, CPA

AUDITOR TIMOTHY O'BRIEN, CPA
Denver Auditor

Denver Auditor´s Office

201 W. Colfax Ave. #705 Denver, CO 80202
Email: auditor@denvergov.org
Call: 720-913-5000
Follow us on Facebook Connect with us on Twitter
Read our social media policy

Auditor´s Office Logos for Footer