Department of Civil Service
Network Security Controls (Issued 2/17/12)
To determine whether the confidential data maintained at the Department of Civil Service (Department) is secure from unauthorized access. The audit covers the period February 2011 - September 2011.
The Department is the central personnel agency for the State of New York and provides a variety of human resource services. The Department has implemented a strategic initiative to expand the use of web-based applications to support the agency’s mission and objectives. The Department must comply with the New York State Office of Cyber Security’s Information Security Policy which defines a minimum set of security standards that state entities must meet. In addition, the Department has its own Information Security Policy that requires all Department information to be protected from unauthorized access.
- The Department’s data and resources are at risk of unauthorized access, disclosure of sensitive data, and denial of service, in part because the Department has not evaluated the effectiveness of its security controls. Without this evaluation, the Department cannot be sure its controls adequately secure confidential data.
- Implement the specific recommendations for strengthening the Department’s network security that were provided to Department officials during this audit. The details of our recommendations are not provided here due to the sensitivity of the information and the potential risk associated with the release of such information.
Other Related Audits/Reports of Interest
Office for the Aging: Security Controls Over Computer Network Report 2010-S-23
Workers Compensation Board: Network Security Controls Report 2009-S-49
State Government Accountability Contact Information:
Audit Director: John Buyce
Phone:(518) 474-3271; Email: StateGovernmentAccountability@osc.state.ny.us
Address: Office of the State Comptroller; Division of State Government Accountability; 110 State Street, 11th Floor; Albany, NY 12236