Denver’s City Auditor Tim O’Brien has released a report revealing significant gaps in the city’s cybersecurity program. The audit indicates that Denver lacks a comprehensive strategy for assessing and managing potential cybersecurity risks. The current approach is described as “informal,” especially regarding oversight of independent city agencies and cultural institutions like the Denver Art Museum and Denver Zoo, which operate on subnetworks connected to the city’s main system.
The audit, conducted over two years from January 2022 to December 2023, highlights several issues with the city’s cybersecurity practices. It notes that city staff have not consistently completed mandatory quarterly cybersecurity training. Additionally, there is no specific training program for employees responsible for citywide IT risk management, which undermines the overall effectiveness of the city’s cybersecurity efforts.
O’Brien’s report underscores the need for a more structured and comprehensive cybersecurity strategy within Denver. The lack of a robust program poses risks not only to the city’s own IT infrastructure but also to the numerous independent agencies and cultural sites that are connected to the city’s network.
The findings of the audit call for immediate action to address these weaknesses. Implementing consistent training and developing a more formalized risk management approach are critical steps in enhancing the city’s cybersecurity posture and protecting against potential threats.
Reference:
