Posted at: 06/23/2009 6:49 PM | KSAX.com
By: Becky Nahm
Print Story  Email to a Friend

AUDIT: Retirement System Lacked Network Security

 Read the full report

An audit showed the Minnesota system that administers retirement and other benefits to state and public employees lacked plans and policies to protect the security of its data and computers.

The Office of the Legislative Auditor released a report on the Minnesota State Retirement System, or MSRS, Tuesday.

The audit identified eight problems, including poor firewall and wireless security controls. It also found, MSRS failed to utilize strong password controls, encrypt sensitive data and restrict employee access to some computer systems.

The problems could've left MSRS open to computer tampering. MSRS has already taken steps to correct the problems identified in the audit.

A letter from David Bergstrom, MSRS executive director, was included in the report.

Bergstrom wrote that the results of the audit matched up with tests conducted two years ago. Since then the MSRS took steps to improve system security and even hired a full-time security systems engineer.

Bergstrom wrote, "We believe that we've made good progress, especially within the past year, to enhance our security controls. Yet we realize that we have considerable work to do to get to where we would like our IT security environment to be."

He wrote that MSRS plans to implement the auditor's recommendations for correcting each of the eight problems.