This page, The Hampden County District Attorney’s Office Did Not Provide Cybersecurity Awareness Training to Its Employees, is offered by Office of the State Auditor

The Hampden County District Attorney’s Office Did Not Provide Cybersecurity Awareness Training to Its Employees.

Overview

The Hampden County District Attorney’s Office (HCDA) did not provide cybersecurity awareness training to its employees during the audit period.

Without educating its employees on their responsibility to protect the security of information assets, HCDA is exposed to a higher risk of cybersecurity attacks and financial and/or reputational losses.

Authoritative Guidance

The Executive Office of Technology Services and Security’s Information Security Risk Management Standard IS.010 states,

6.2.3 New Hire Security Awareness Training: All new personnel must complete an Initial Security Awareness Training course. . . . The New Hire Security Awareness course must be completed within 30 days of new hire orientation.

6.2.4 Annual Security Awareness Training: All personnel will be required to complete Annual Security Awareness Training.

Although HCDA is not required to follow this standard, we consider it a best practice.

Reasons for Issue

HCDA did not have policies and procedures that require new employees to complete cybersecurity awareness training within 30 days of their orientation or that require employees to receive annual cybersecurity awareness training.

Recommendations

  1. HCDA should create a policy and procedure to train new and existing employees on cybersecurity awareness.
  2. HCDA should provide cybersecurity awareness training to its employees within 30 days of orientation and annually thereafter.

Auditee’s Response

During the audit period, the Hampden District Attorney's Office did not have a specific cybersecurity training program in place. However, all employees were instructed regarding security measures and how to report breaches of security should they occur. Knowing the importance of having a specific training regimen, this office was in the process of securing cybersecurity awareness training during the audit period.

When the audit was begun in July of 2022, the Hampden District Attorney's Office had a policy and procedure in place for all employees regarding cybersecurity awareness training. This consists of periodic training sessions throughout the year as well as security awareness testing. Therefore, the recommendations resulting from the finding have been implemented. 

Auditor’s Reply

Based on its response, HCDA has taken measures to address our concerns on this matter.

Date published: November 28, 2023
