Internal Audit has released a new redacted report covering the adequacy of the City's technology network security controls, including its information technology management framework, user account and access management, and network security activities.
In general, the City has implemented security controls to safeguard its technology network. That being said, it has not established an information technology governance framework or security controls framework to guide these activities. While processes have been developed to grant, change, and disable access to the network, role-based group access, additional monitoring, and standardized authorization documentation would provide further assurance that all access is appropriate.
Due to the sensitive nature of technology security control information detailed findings from this audit are considered confidential per Texas Government Code Section 552.139; however, a redacted Audit of Network Management: Security Controls (PDF) report has been made available for public use and reference.