Audit Division
Audit Summary
Department of Prisons
Computer Systems Security
LA98-17
Results in Brief

The Department's AS/400 system controls provide reasonable assurance that its data, programs, and software are protected from unauthorized access. For instance, procedures such as constant monitoring of user profiles provide strong front-end controls. However, in a few instances we found secondary operating system settings inconsistent with the higher support level established by SSIS for global security to protect against unauthorized access. When these inconsistencies were identified, SSIS staff immediately set the value to a higher security level. We also found that the computer room was not protected from disasters such as fire.

Principal Findings

1. Secondary operating system settings are incompatible with other related system settings. (page 8)

2. Environment controls in the computer room need to be improved. (page 8)
 
 
 
 

Agency Response
to Audit Recommendations
 

Recommendation
Number                                                                                 Accepted                Rejected

1 Continue reviewing operating system settings for
   compatibility with other related system settings.....                      X

2 Improve the environmental conditions in the computer
    room.....................................................................                  X
 
 

TOTALS                                                                                     2                               0