Jail Management System - Maricopa County
Jail Management System - Maricopa County
Jail Management System - Maricopa County
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Security Awareness Training<br />
MCSO’s TOC training focuses on authorized access and dissemination of criminal justice<br />
information, but does not include all of the security awareness areas required in CJIS policy.<br />
CJIS mandates specific training topics regarding the proper handling of criminal justice<br />
information, based on a user’s exposure to and involvement with the criminal justice<br />
information.<br />
Account Access Reviews<br />
Although MCSO validates TOC identification numbers through a semi-annual, Arizona<br />
Department of Public Safety (DPS) review and reconciliation process, it does not have a<br />
formalized process for validating all JMS and operating system user accounts and their<br />
associated access permissions.<br />
Effect<br />
Personnel Screening - Incomplete personnel screening processes may leave MCSO vulnerable to<br />
potential abuse of sensitive law enforcement data.<br />
Security Awareness Training - JMS users that do not receive the mandated CJIS training may<br />
inadvertently mishandle criminal justice information.<br />
Account Access Reviews - Informally managed user permissions increases the risk that<br />
unauthorized users may inappropriately access or modify criminal justice information.<br />
Cause<br />
Personnel Screening - MCSO has not developed a formalized background check policy for JMS<br />
users without ACJIS database permissions.<br />
Security Awareness Training - Although MCSO’s TOC training program aligns with DPS<br />
guidance, these requirements do not meet the minimum CJIS Security Policy standards.<br />
Account Access Reviews - MCSO has relied on the extensive hands-on experience of longtenured<br />
employees to compensate for formalized procedures, and has invested its resources on<br />
day-to-day functions rather than documenting its operations.<br />
Recommendations<br />
MCSO should consider:<br />
A. Developing a personnel screening policy that covers JMS users who do not access ACJIS<br />
data.<br />
B. Enhancing the security awareness training program to align with the CJIS Security Policy<br />
requirements.<br />
C. Developing formalized policies and procedures to periodically review and validate JMS<br />
access accounts and permissions. Leading practices suggest user access reviews be<br />
conducted at least annually.<br />
<strong>Maricopa</strong> <strong>County</strong> Internal Audit 11 <strong>Jail</strong> <strong>Management</strong> <strong>System</strong>–May 2012