Denver lacks a comprehensive program to assess potentially disastrous cybersecurity risks, City Auditor Tim O’Brien said in a new report.
The city’s current approach can best be described as “informal,” O’Brien said, particularly when it comes to oversight of independent city agencies or cultural facilities — like the Denver Art Museum and Denver Zoo — that operate on subnetworks tied into the city’s broader system.
O’Brien cataloged his office’s findings in an audit report released Thursday.
The report is the product of a review of city data, processes and planning efforts over two years — from Jan. 1, 2022, through Dec. 31, 2023.
The audit team found that city staff did not consistently complete quarterly mandatory cybersecurity training. The city also lacks a specific training regime for employees responsible for citywide information technology risk management.
Click here to see the full forecast from our partners at The Denver Post.
