The audit called on the Executive Office of Housing and Economic Development (EOHED) to improve its oversight of cybersecurity awareness training for employees. During the audit, which examined the period of May 14, 2018 through June 30, 2019, 45 employees did not complete required cybersecurity awareness training.
Audit Audit of the Executive Office of Housing and Economic Development—Review of Cybersecurity Awareness Training
|Organization:||Office of the State Auditor|
|Date published:||November 24, 2020|
In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted an audit of the Executive Office of Housing and Economic Development (EOHED) covering the period May 14, 2018 through June 30, 2019. The purpose of this audit was to determine whether, during our audit period, EOHED ensured that all its information system users1 in the Human Resources Compensation Management System (HR/CMS) managed by the state Human Resources Division completed the required cybersecurity awareness training.
Below is a summary of our finding and recommendation, with links to each page listed.
EOHED did not ensure that all information system users in HR/CMS completed the required cybersecurity awareness training.
EOHED should establish effective monitoring controls over its cybersecurity awareness training to ensure that all its information system users complete it in accordance with the standards of the Executive Office of Technology Services and Security and that EOHED maintains documentation of the completion of this training.
1. These users include full-time, part-time, and temporary employees, interns, and contractors with access to EOHED information systems.