Cybersecurity: Asset Management Follow-up
In June 2021, third-party firm CP Cyber and our audit staff completed a cybersecurity assessment related to asset management. The original report gave a general overview of asset management.
After following up, we found some areas of strength and some areas that still need improvement. Because of the information security sensitivities involved with this cybersecurity assessment, we communicated these issues directly with the relevant city agencies for remediation.
Cybersecurity begins with knowing what assets are owned and managed by an organization. Information technology assets can take many forms — from traditional computer workstations to servers, where each asset has a name and an IP address.
Many cybersecurity-related risks can be traced back to poor asset management. Unknown devices on a network will not receive updates or patches — leaving the devices vulnerable to unwanted exposure to malware or hacking attacks.
Information technology administrators cannot expect to securely maintain their assets if they do not have proper asset management. For this reason, many leading practices list asset management as the first step in a cybersecurity strategy.
October 6, 2022
In keeping with generally accepted government auditing standards and Auditor’s Office policy, as authorized by city ordinance, we have a responsibility to monitor and follow up on audit recommendations to ensure city agencies address audit findings through appropriate corrective action and to aid us in planning future audits.
After following up on the “Cybersecurity: Asset Management” assessment report completed with CP Cyber and issued in June 2021, we found some areas of strength and some areas that still need improvement. Because of the information security sensitivities involved with this cybersecurity assessment, we communicated these issues directly with the relevant city agencies for remediation.
We appreciate the city leaders and team members who shared their time and knowledge with us and CP Cyber throughout the assessment and the follow-up process. Please contact me at 720-913-5000 with any questions.
Timothy O'Brien, CPA
AUDITOR TIMOTHY O'BRIEN, CPA
Denver Auditor´s Office
201 W. Colfax Ave. #705 Denver, CO 80202
Follow us on Facebook Connect with us on Twitter
Read our social media policy