Report Summary
Financial-Related Audit
Department of Human Services
MAXIS Data Integrity Audit
The Department of Human Services developed a complex security infrastructure to protect the integrity and confidentiality of MAXIS data. However, this security infrastructure contained several significant weaknesses:
- Many employees and contractors had extremely powerful security clearances that they did not need to fulfill their job duties.
- The department did not deploy appropriate controls over some computer programs that are part of the MAXIS nightly scheduled batch processing environment. Computer programs that are used for scheduled batch processing are risky because they do not require a password and typically have extremely powerful security clearances. Unauthorized changes to these programs could lead to a disastrous loss of data or the unauthorized disclosure of confidential information.
Inadequate oversight of the overall MAXIS security infrastructure allowed these security weaknesses to go undetected.
- The department has not performed a complete information technology risk assessment of MAXIS for many years. It is imperative to periodically reassess information technology risks because computer systems and the organizations that manage those systems constantly change. Furthermore, new information technology vulnerabilities surface daily that could adversely impact the adequacy of security controls.