Jail Management System - Maricopa County
Jail Management System - Maricopa County
Jail Management System - Maricopa County
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Executive Summary<br />
IT Control Environment (Page 7)<br />
The <strong>Maricopa</strong> <strong>County</strong> Sheriff’s Office (MCSO) information technology (IT) control<br />
environment generally follows industry standards in key areas.<br />
Network Security (Page 9)<br />
We tested network security controls in four key areas: (1) The Criminal Justice Network, (2)<br />
password management, (3) remote access security, and (4) patch management. Strong network<br />
security controls reduce the likelihood of system vulnerabilities and breaches. Due to the<br />
sensitive nature of this work, we provided MCSO management with detailed findings in a<br />
separate report.<br />
Personnel Screening and Access Reviews (Page 10)<br />
MCSO personnel screening, security awareness training, and account access review processes<br />
could be improved. Incomplete personnel screening and training processes may leave MCSO<br />
vulnerable to potential abuse of sensitive data. Undocumented user access procedures increase<br />
the risk that unauthorized users may inappropriately access or modify criminal justice<br />
information. MCSO should consider strengthening personnel screening policies, provide user<br />
awareness training, and conduct user access reviews.<br />
Change <strong>Management</strong> (Page 12)<br />
MCSO does not have a formalized change management process for authorizing, testing, and<br />
approving the <strong>Jail</strong> <strong>Management</strong> <strong>System</strong> (JMS) changes. JMS developers have unrestricted<br />
access to the application. If unauthorized or untested changes are introduced into JMS, they<br />
could create data integrity and system availability issues. MCSO should strengthen its change<br />
management controls.<br />
IT Strategic Planning and Project <strong>Management</strong> (Page 13)<br />
MCSO does not have a formal IT strategic plan or project management process that effectively<br />
aligns IT resource spending with MCSO’s core mission. A strategic plan helps ensure that<br />
critical IT projects are completed efficiently and economically. MCSO should consider<br />
developing an IT strategic plan and project management framework.<br />
IT Policies and Procedures (Page 15)<br />
MCSO does not have formal JMS security policies and procedures that should address Criminal<br />
Justice Information Services Security Policy requirements. Formalized IT procedures can help<br />
MCSO implement security and other control activities during personnel absences and turnover.<br />
MCSO should develop formalized JMS IT policies and procedures.<br />
<strong>Maricopa</strong> <strong>County</strong> Internal Audit 1 <strong>Jail</strong> <strong>Management</strong> <strong>System</strong>–May 2012