Audit Finds IT Security Flaws Plague Calif. Courts

     SACRAMENTO (CN) – Despite a 2013 audit revealing significant information security flaws, the Judicial Council of California hasn’t improved its control systems and remains “unacceptably” at risk for data breaches, according to a follow-up audit.
     The council’s case management records and human resources data are specifically jeopardized because of its failure to implement recommendations from the original audit, the state auditor said Thursday. The audit also criticized the council for a lack of urgency in setting a timeline for implementing better controls.
     “In the nearly two years since the December 2013 report’s publication, the Judicial Council has not fully implemented the controls required to address the pervasive weaknesses we identified over its information systems and could not provide a projected date for full implementation,” the audit states.
     The initial report by State Auditor Elaine Howle recommended the council implement tighter controls and improve its Superior Courts’ information system controls as well. The 2013 audit found that in one particular case, the council had not updated its information security policy since 1997.
     While specifics of the council’s potential security weaknesses were not given “because of their sensitive nature,” Howle said the council and its courts should implement improvements by June 2016.
     In response to Thursday’s audit, the council said “years of severe budget cuts exacerbate this situation” and that the 29-page report will help in a petition to the state for more funding.
     The council also said in a response letter that without increased funding for its 58 trial courts, it won’t fully implement a new security plan by the auditor’s “unrealistic” implementation date.
     “The June 2016 date contained in the recommendation for full implementation of the framework of information system controls would seem to be unrealistic regardless of whether the requested funding is received,” council administrative director Martin Hoshino said.
     Howle questioned the council’s “lack of urgency,” insisting that the security problems have existed for years and that the implementation date is reasonable regardless of additional funding.
     The report did recognize the council for correcting problematic billing and contract bid procurement practices since the 2013 audit.
     Howle’s follow-up audit surveyed 60 of the council’s vendor payments since 2013 and they all were properly executed. Howle said the council has also improved its handling of vendor bids and ensuring that accepted bids were reasonable.

%d bloggers like this: