AUDIT COMMITTEE SUMMARY
Audit of Information Technology Services Department
Security Training Awareness Program
Audit Objective
Determine if the Information Technology Services Department (ITSD) has implemented the State required Security Training Awareness Program effectively and in compliance with State guidelines.
Background
Texas Government Code (Section 2054) requires all local government employees who have access to a local government computer as well as all elected officials to complete a certified cybersecurity training program by June 14th each year. Local governments must also annually certify their training compliance by June 15th.
In addition, in accordance with the Texas Government Code, the governing body of a local government shall verify and report on the completion of a cybersecurity training program by employees of the local government (performed by ITSD), and require periodic audits to ensure compliance (performed by the Office of the City Auditor).
ITSD administers and monitors cybersecurity training for applicable employees through the Moodle citywide training platform using the Mimecast training program.
Scope & Methodology
The audit scope was Fiscal Year 2020 in addition to the State Security Training Reporting period of July 2019 - June 2020. Testing criteria included Texas Government Code, Section 2054.
Conclusions
We evaluated the Security Training Awareness Program and determined that ITSD has adequate controls to facilitate citywide compliance with the State of Texas security training requirements. Specifically, ITSD has:
* Selected a training program certified by the Texas Department of Information Resources (DIR).
* Implemented policies and procedures to appropriately administer citywide security training in accordance with state requirements.
* Developed controls to monitor training progress to ensure completion by all applicable individuals across the City.
* Implemented a process to ensure completion and self-certificati...