• This page, Audit Makes Recommendations to Improve Cybersecurity Awareness Training at Attorney General’s Office, is   offered by
  • Office of the State Auditor
Press Release

Press Release  Audit Makes Recommendations to Improve Cybersecurity Awareness Training at Attorney General’s Office

Review showed not all AGO employees were offered or required to take cybersecurity awareness training during audit.
For immediate release:
10/29/2021
  • Office of the State Auditor

Media Contact   for Audit Makes Recommendations to Improve Cybersecurity Awareness Training at Attorney General’s Office

Noah Futterman

An image of computer code with a lock.

BostonToday, in a review of the Attorney General’s Office’s (AGO) information technology (IT) security practices, the Office of the State Auditor (OSA) showed not all AGO employees were offered or required to take cybersecurity awareness training during a portion of the audit period. The audit, which examined the period of July 1, 2018 through July 31, 2020, found that AGO employees hired after September 28, 2018 did not receive any training until June 30, 2020, when the agency implemented a new cybersecurity training system.

The audit notes AGO’s transition to its new cybersecurity training system resulted in a period where the office had no training system for employees in place. Since then, AGO has implemented the new system and has made updates to its cybersecurity awareness policy to ensure employees undergo training.

“As the work of state government increasingly relies on technology and remote access, public employees must be keenly aware of how to keep their cyber systems protected. Today’s audit shows that although there was a gap in training, the Attorney General’s Office has taken the necessary steps to ensure all of its employees go through the cybersecurity training program,” Auditor Bump said. “I commend the office for making these critical improvements.”

The audit notes that the Massachusetts Executive Office of Technology Services and Security requires all state employees working in executive agencies to participate in IT security training when they are hired and thereafter on an annual basis. Today’s audit recommends AGO ensure that initial cybersecurity awareness training takes place for new hires and annual training thereafter is available for existing employees. It also recommends that an interim training plan should always be in place when the AGO may be transitioning to a new training program.

AGO is composed of six bureaus: the Executive Bureau, the Criminal Bureau, the Government Bureau, the Public Protection and Advocacy Bureau, the Health Care and Fair Competition Bureau, and the Energy and Environmental Bureau.

The full audit report is available here.

###

Media Contact   for Audit Makes Recommendations to Improve Cybersecurity Awareness Training at Attorney General’s Office

  • Office of the State Auditor 

    The Office of State Auditor Suzanne M. Bump (OSA) conducts audits, investigations, and studies to promote accountability and transparency, improve performance, and make government work better.
  • Help Us Improve Mass.gov  with your feedback

    Please do not include personal or contact information.
    Feedback