Jail Management System - Maricopa County

More documents

Recommendations

Info

Issue #1: For Information. No response required. Issue #2: Jail Management System (JMS) Sheriff's Office- JMS Report February 2012 Audit Response - April 25, 2012 MCSO network security controls could be strengthened in four key areas: (1) the Criminal Justice Network, (2) password parameters, (3) remote access security, and (4) patch management. Stronger network security controls reduce the likelihood of system vulnerabilities and breaches. MCSO should strengthen network security controls in these areas. Response requested for Agency Memo only. See Agency memo (separate). Issue #3: MCSO personnel screening, security awareness training, and account access review processes could be improved. Incomplete personnel screening and training processes may leave MeSO vulnerable to potential abuse of sensitive data. Undocumented user access procedures increase the risk that unauthorized users may inappropriately access or modify criminal justice information. MCSO should consider strengthening personnel screening policies, provide user awareness training, and conduct user access reviews. Recommendation A: MCSO should consider developing a personnel screening policy that covers JMS users who do not access ACJIS data. Response: Management accepts the risk of this issue. This recommendation applies to a very small number of Maricopa County Office of Public Defender, Office of Management and Budget and Department of Finance employees. These users access limited data that is not criminal history information. Target Completion Date: N/A Benefits/Costs: Increased accountability and control. Recommendation B: MCSO should consider enhancing the security awareness training program to align with the CJIS Security Policy requirements. Response: Completed. Security awareness training has been automated by the Arizona Department of Public Safety. County employees will complete the computer-based Page 1 of 4
Jail Management System (JMS) Sheriff's Office- JMS Report February 2012 Audit Response - April 25, 2012 training and the test for TOC certification electronically. MCSO will no longer be conducting security awareness training. Completion Date: 4/13/12 Benefits/Costs: Increased accountability and control. Recommendation C: MCSO should consider developing formalized policies and procedures to periodically review and validate JMS access accounts and permissions. Leading practices suggest users access reviews be conducted at least annually. Response: Concur. JMS access accounts and permissions will be reviewed annually corresponding with a TOC review that is conducted. Target Completion Date: 6/30/12 Benefits/Costs: Increased accountability and control. Issue #4: MCSO does not have a formalized change management process for authorizing, testing, and approving the Jail Management System (JMS) changes. JMS developers have unrestricted access to the application. If unauthorized or untested changes are introduced into JMS, they could create data integrity and system availability issues. MCSO should strengthen its change management controls. Recommendation A: MCSO should develop a formalized process for authorizing, testing, and approving ...IMS changes. Response: Concur. Changes to JMS "base" programming are rare (five or six annually) and MCSO's limited technology staff has allowed this process to be very informal. However, as technology staff increases and the Office moves forward with this and other systems, this process will have to be formalized. Target Completion Date: 1/31/13 Benefits/Costs: Increased accountability and control. Page 2 of 4
Page 1 and 2: A Report to the Board of Supervisor
Page 3 and 4: 301 West Jefferson St Suite 660 Phx
Page 5 and 6: Introduction Background The Jail Ma
Page 7 and 8: JMS Environment Because JMS is a mi
Page 9 and 10: (Blank Page) Maricopa County Intern
Page 11 and 12: Condition Through observation, limi
Page 13 and 14: Issue 3 Personnel Screening and Acc
Page 15 and 16: Issue 4 Change Management Summary M
Page 17 and 18: Recommendations MCSO should conside
Page 19: Sheriff’s Office Response Maricop

Jail Management System - Maricopa County

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?