Denver vulnerable to cybersecurity risks, city auditor says

0
164

Denver lacks a comprehensive program to assess potentially disastrous cybersecurity risks, City Auditor Tim O’Brien said in a new report.

The city’s current approach can best be described as “informal,” O’Brien said, particularly when it comes to oversight of independent city agencies or cultural facilities — like the Denver Art Museum and Denver Zoo — that operate on subnetworks tied into the city’s broader system.

O’Brien cataloged his office’s findings in an audit report released Thursday.

The report is the product of a review of city data, processes and planning efforts over two years — from Jan. 1, 2022, through Dec. 31, 2023.

The audit team found that city staff did not consistently complete quarterly mandatory cybersecurity training. The city also lacks a specific training regime for employees responsible for citywide information technology risk management.

O’Brien is urging Denver Technology Services — the city department tasked with overseeing and managing all physical and virtual technology that touches the city’s network — to overhaul its approach and create clear guidelines for how every wing of city government handles data and…

Read More…