Minnesota Office of the Legislative Auditor
Financial Audit Division

Menu

Minnesota Office of the Legislative Auditor Menu

Report Summary
Department of Agriculture
Information Technology Network Security Controls Audit

 

Financial Audit Division Report 10-23 Released July 1, 2010

Conclusion

The Department of Agriculture generally had adequate security controls to protect the classifications, integrity, and availability of its data and computer systems from threats originating outside its internal network. However, we identified four weaknesses in internal controls.

Findings

  • The Department of Agriculture did not conduct formal risk assessments.
  • The Department of Agriculture did not assess its monitoring needs nor did it proactively review some security events.
  • The Department of Agriculture did not sufficiently restrict or filter computer traffic in its private internal network.
  • The Department of Agriculture did not periodically recertify some access privileges nor did it implement strong password controls on some accounts.

Audit Objective and Scope

The audit objective was to answer the following question:

  • Did the Department of Agriculture have adequate security controls to protect the department’s computer systems and data from external threats?
We assessed controls as of May 2010.
More Information

Office of the Legislative Auditor ♦ Room 140, 658 Cedar St., St. Paul, MN 55155