The latest report from B-C’s auditor general examines controls that prevent unauthorized access to government data — and finds some ministries are doing a poor job of guarding the door.
Auditor General Carol Bellringer says an audit of five ministries found some were not consistently following rules set up to restrict unauthorized access to government systems.
Bellringer also finds that the Office of the Chief Information Officer (OCIO) should be more assertive in reminding ministries that the office is responsible for managing the internal directory service and that ministries must meet information security standards.
She adds that the activities of employees with enhanced access are not being reviewed consistently to ensure appropriate use, “some government employees have significant access to and abilities within government systems. For example, a system administrator often has the ability to create or alter accounts for their organization’s users.”
Improving coordination between the agencies responsible for the two separate databases that store employee information (Public Service Agency) and account information (OCIO) is also recommended. It includes comparing the two lists to ensure legitimacy and control access.
The auditor general calls the internal directory service the “first defence against unauthorized access to government resources,” and says it only takes “one poorly managed user account to compromise government systems.”
With files from the Canadian Press