• This page, Other Matters: The Hampden County Sheriff’s Office Does Not Conduct Information Technology Security Awareness Training., is   offered by
  • Office of the State Auditor

Other Matters: The Hampden County Sheriff’s Office Does Not Conduct Information Technology Security Awareness Training.

HCSO should implement some form of IT security awareness training related to data security for employees upon hire and periodically thereafter.

Table of Contents

Overview

During our assessment of the information system controls of the Hampden County Sheriff’s Office (HCSO), we noted that HCSO did not conduct information technology (IT) security awareness training for its staff, upon hire and periodically thereafter, to ensure that HCSO’s data are secure. Our assessment included a review of information system policies and procedures and discussions with IT security personnel.

HCSO is classified as an independent agency because the Sheriff is an elected official. Although independent agencies are not specifically required by law to conduct IT security awareness training, best business practices dictate that agencies should do so to help protect their information systems and potentially prevent sensitive information from being released. For instance, such training is required for executive departments by the Commonwealth’s Executive Office of Technology Services and Security.

We believe that HCSO should implement some form of IT security awareness training related to data security for employees upon hire and periodically thereafter. HCSO handles sensitive information, and this training could provide a level of security to reduce the risk of its information systems being compromised. IT security awareness training informs employees about cybersecurity and possible threats to information systems and helps agencies safeguard information.

Date published: May 14, 2020

Help Us Improve Mass.gov  with your feedback

Please do not include personal or contact information.
Feedback