The Oregon Department of Corrections (DOC) has yet to fully implement important and critical cybersecurity measures, according to an audit report put out by the Secretary of State Shemia Fagan.

The report looked at various areas where there might be IT security risks and provides an in-depth look into the agency’s current state. The auditors used criteria from Center for Internet Security’s CIS Controls to make the evaluation.

“We found DOC has partially implemented 16 of the 17 CIS Controls we evaluated. Due to gaps in inventory management processes, we could not identify all assets and provide complete assurance that some controls were in place,” the report stated. “These controls included those associated with safeguards in data management, configuration management, vulnerability management, and malware defense.”

The concerns over cybersecurity have become an important issue in the state of Oregon, which has in the past seen security breaches at the local agency level. These concerns have also grown due to the ability for these breaches to have adverse effects to other state agencies across the country.

“The security of Oregon’s information resources should be a top priority of all state agencies,” said Fagan. “My mission as Secretary of State is to build trust between Oregonians and their state government. Agencies and service providers must work together to address the findings outlined in our cybersecurity reports because a lapse in security can quickly erode the public’s trust.”

Some of the information of this audit has been made confidential due to some information being deemed too sensitive for the public’s viewing.


Read More About