×
×
homepage logo

Audit says Kansas computer system security lacking

By The Associated Press - | Jul 23, 2014

? The state’s current level of computer security could leave Kansas residents’ sensitive personal information vulnerable, a recent internal audit of the state’s computer systems concluded.

It also criticizes the state for not trying harder to make some Kansas agencies comply with a requirement that they provide detail information technology plans, the Topeka Capital-Journal reported.

A top Kansas computer security officer says there is not enough money or qualified computer security experts in Topeka to address those concerns.

Lawmakers on the Legislative Post Audit Committee have asked Kansas’ information technology agency to provide an estimate of how much it would cost to implement the auditors’ recommendations.

“It’s time that we really address this,” said Rep. Peggy Mast, an Emporia Republican. She added that the Legislature should have “serious hearings” about the state’s ability to protect sensitive information.

Sensitive data is contained on 353 computer systems operated by 75 state agencies, the audit found. Seventeen of the 45 agencies that hold data considered “high risk” had not had an independent security evaluation in the last three years, auditor said.

Agencies are required to submit three-year information technology plans but auditors said some “agencies think they are time consuming and provide little value to them.”

The audit found little oversight, noting the state’s chief information technology architect “did not follow up on missing plans, and in one year did not send necessary templates and instructions to all agencies.”

John Byers, the chief information security person for the Office of Information Technology Services, said the office would have a hard time finding enough computer security experts in Topeka. Since his office is prohibited from outsourcing security, Byers said the agency would have to recruit experts from outside the area.

“That will not be an easy task at our current wages,” he said.

Auditors found that computer security employees pay ranges from $53,000 to $123,000, depending on the agency.