In what will be one of the last audits he will present to the county before a new auditor is sworn in next year, Washington County Auditor John Hutzler said the county’s information security contains “concerning deficiencies.”
Presenting the findings of a 2021 audit his office conducted to the Board of Commissioners on Tuesday, Dec. 6, Hutzler said that significant problems with the county’s information security management were discovered during the audit.
“At the time of our fieldwork, we found concerning deficiencies in County information security management and serious deficiencies in the implementation of CIS Basic Controls,” the auditor’s report states.
Recommendations
However, Hutzler didn’t go into much detail about the issues his audit identified, purportedly out of caution to exposing the county to greater cyber risks.
Hutzler did say that the audit was based on the “six Basic Controls identified by the Center for Internet Security (CIS) Controls,” a best-practices framework created by a national community of IT experts.
Hutzler said that, while he couldn’t go…
