A review of the Attorney General’s Office’s (AGO) information technology (IT) security practices showed that not all AGO employees were offered or required to take cybersecurity awareness training during a portion of the audit period. The audit examined the period of July 1, 2018 through July 31, 2020.
- This page, Audit of the Attorney General’s Office—Review of Cybersecurity Awareness Training, is offered by
- Office of the State Auditor
Audit Audit of the Attorney General’s Office—Review of Cybersecurity Awareness Training
|Organization:||Office of the State Auditor|
|Date published:||October 29, 2021|
In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted a performance audit of the Attorney General’s Office (AGO) for the period July 1, 2018 through July 31, 2020. In this performance audit, we reviewed AGO’s cybersecurity awareness training and practices to determine whether all employees had completed cybersecurity awareness training and signed information technology policies.
Below is a summary of our finding and our recommendations, with links to each page listed.
AGO did not offer cybersecurity awareness training during a portion of the audit period.
During the audit, AGO management provided the audit team with the agency’s then-current draft of its cybersecurity awareness training policy. Our review of this draft policy indicated that AGO had addressed the concern discussed in the audit report regarding the lack of training for employees, such as student interns, who were compensated outside the Human Resources Compensation Management System during the audit period. It did so by including these employees in future trainings.