Audit shows Kansas agencies still have significant IT flaws, gaps in IT security training


Lawmakers say the problems need to be addressed before state agencies get hacked

- Advertisement -

by Rachel Mipro, Kansas Reflector
December 12, 2022

TOPEKA — Kansas auditors found serious flaws in several state agencies’ IT security measures, according to survey results spanning from January 2020 to December of this year.

The audit of 21 state agencies and school districts tested 40-50 IT security and control items. One entity was audited twice and counted as two separate entities. Out of the 21 entities, 10 scored poorly or very poorly in vulnerability tests — below 50% in security and IT standards.

During a legislative post audit committee meeting Monday, Alex Gard, principal IT auditor in the Kansas Legislative Division of Post Audit, said some of the entities surveyed hadn’t fixed problem areas since the last time they were audited.

“State agencies and school districts continue to have similar IT security issues to those we’ve identified in audits we’ve conducted over the past 20 years,” Gard said. “Several entities were audited for the second or third time during the past 10 years or so, and some entities improved from one audit to the next, while others had repeated findings.”

Gard said most of the problems stemmed from either a lack of proper oversight, or a lack of staff resources to address IT security issues. Most of the audited entities had some level of unsupported software, and in some cases, the entities didn’t have any IT security training or security plans for keeping data safe.

Gard said some entities also failed phishing tests, or didn’t dispose of sensitive information in a safe manner.

“Overall, we found significant security issues in many systems with respect to account security, data protection, scanning and patching and risk and security assessment,” Gard said.

Rep. John Barker, R-Abilene, said lawmakers needed to actively address gaps in IT security. He said he was worried the state was vulnerable to losing sensitive information.

“I just think the Legislature at some point needs to address this issue so we can see some improvement,” Barker said. “Wait till we get hacked.”

Barker said he wasn’t sure if the state’s IT problems came from leadership issues, or a lack of experienced personnel, but thought more needed to be done.

“Overall, the state, it doesn’t seem like we’re making any progress,” Barker said.

For future IT security audits, starting in 2023, lawmakers decided to choose a broader audit plan that would focus on more entities, testing a few set IT areas instead of an intensive evaluation of fewer entities.

“It does cast a broader net, and then it does help us identify more potential problems,” said Sen. Mike Thompson, R-Shawnee.

During the meeting, lawmakers also approved auditing K-12 school districts to evaluate the estimated costs of providing educational opportunities for every public school student to meet performance outcome standards set by the Kansas State Board of Education.

The audit also would evaluate the relationship between costs for these educational opportunities and the outcome of the expenditures.

Kansas Reflector is part of States Newsroom, a network of news bureaus supported by grants and a coalition of donors as a 501c(3) public charity. Kansas Reflector maintains editorial independence. Contact Editor Sherman Smith for questions: info@kansasreflector.com. Follow Kansas Reflector on Facebook and Twitter.

- Advertisement -
Derek Nester
Derek Nesterhttps://sunflowerstateradio.com
Derek Nester was born and raised in Blue Rapids and graduated from Valley Heights High School in 2000. He attended Cowley College in Arkansas City and Johnson County Community College in Overland Park studying Journalism & Media Communications. In 2002 Derek joined Taylor Communications, Inc. in Salina, Kansas working in digital media for 550 AM KFRM and 100.9 FM KCLY. Following that stop, he joined Dierking Communications, Inc. stations KNDY AM & FM as a board operator and fill-in sports play-by-play announcer. Starting in 2005 Derek joined the Kansas City Chiefs Radio Network as a Studio Coordinator at 101 The Fox in Kansas City, a role he would serve for 15 years culminating in the Super Bowl LIV Championship game broadcast. In 2020 he moved to Audacy, formerly known as Entercom Communications, Inc. and 106.5 The Wolf and 610 Sports Radio, the new flagship stations of the Kansas City Chiefs Radio Network, the largest radio network in the NFL. Through all of this, Derek continues to serve as the Digital Media Director for Sunflower State Radio, the digital and social media operations of Dierking Communications, Inc. and the 6 radio stations it owns and operates across Kansas.

Share post:

- Advertisement -

Related Headlines

- Advertisement -

Most Viewed

From Sunflower State Radio



Marshall County Commission Meeting Minutes – 1/23/2023

The Board of Marshall County Commissioners met in regular...

Coach’s Corner: Washington County Boys Basketball with Bobby Smith – 1/26/2023

Coach's Corner: Washington County Boys Basketball with Bobby Smith - 1/26/2023