Skip to Content

Audit: Oregon Dept. of Education has more to do on cybersecurity

Oregon state seal

SALEM, Ore. (KTVZ) -- Although critical cybersecurity protections are in place at the Oregon Department of Education, the agency needs to fully implement and mature their defenses to address security risks, according to an audit released Wednesday by Secretary of State Bev Clarno.

“Protecting the privacy of student records and ensuring the security of data the department collects, shares, and stores is of high importance,” said Secretary of State Bev Clarno. “Strong and fully implemented security defenses are the only way to ensure this protection.”

Auditors concluded the agency has implemented, or partially implemented, the majority of the cybersecurity controls reviewed during this audit. This includes tools for managing hardware and software inventories, tools for identifying and remediating security weaknesses, and implementing agency wide security awareness trainings.

However, the audit also identified specific areas where ODE could improve security controls. In particular, the agency does not have a formal security management and compliance program that establishes a framework for assessing risk, developing and implementing effective security procedures, and monitoring the effectiveness of those procedures. In addition, although ODE performs many critical security tasks, significant work remains to fully implement and mature all six basic cybersecurity controls.

Read the full audit on the Secretary of State website.

Article Topic Follows: Oregon-Northwest
cybersecurity
oregon department of education

Jump to comments ↓

KTVZ News Team

BE PART OF THE CONVERSATION

KTVZ NewsChannel 21 is committed to providing a forum for civil and constructive conversation.

Please keep your comments respectful and relevant. You can review our Community Guidelines by clicking here

If you would like to share a story idea, please submit it here.

Skip to content