Auditor Uncovers CA State Government IT Security Flaws

SACRAMENTO, Calif. (AP) – California’s auditor says parts of state government need to do more to safeguard the information they collect, maintain, and store.

A report released Tuesday by Auditor Elaine Howle’s says it found “high risk deficiencies” when it surveyed information security practices at 33 government entities. Those entities are not required to meet the sort of information security standards mandated for cabinet-level departments and other executive branch agencies.

The report does not name specific entities, but they could include statewide constitutional offices or parts of the judicial branch.

One entity did not change the default passwords on equipment while another did not install security updates on devices.

The report suggests state entities adopt information security standards comparable to the executive branch’s policies and undergo a comprehensive assessment at least every three years.