Ventura County Grand Jury • 2005-2006

Security of Vital Ventura County Data-Processing

Published: April 28, 2006 4 pages
View Original PDF

Findings and Recommendations 14 findings

F01
The ISD facilities on the Lower Plaza of the Hall of Administration include offices, communications equipment, computer mainframe, network servers, and telephone switches for Ventura County operations.
No recommendations for this finding
F02
The mainframe, servers, and routers are located below grade with cables below the floors.
No recommendations for this finding
F03
Telephone switches are located below grade.
No recommendations for this finding
F04
The ISD maintains limited backup capability for E-mail and Internet connections in a building adjacent to the Camarillo Airport.
No recommendations for this finding
F05
Much of the Oxnard Plain — especially the entire area surrounding the Camarillo Airport — is designated as subject to liquefaction on California Geological Survey maps [Ref-01].
No recommendations for this finding
F06
The ISD maintains backup capability for payroll and VCIJIS adjacent to the Emergency Operations Center in the basement of the Ventura County Jail.
No recommendations for this finding
F07
The Emergency Operations Center and Sheriff’s Dispatch Center have been repeatedly flooded by backed-up sewer lines.
No recommendations for this finding
F08
In case of a severe storm, the Lower Plaza of the Hall of Administration and the basement of the Jail might be subject to flooding.
No recommendations for this finding
F09
In case of an earthquake, the Lower Plaza of the Hall of Administration and the basement of the Jail might be subject to inundation by broken water or sewer lines.
No recommendations for this finding
F10
In case of an earthquake, liquefaction might render structures in the area of the Camarillo Airport unsafe and unusable. Security of Sensitive Data
No recommendations for this finding
F11
Daily backups of server data are prepared by ISD. These include payroll and personnel data.
No recommendations for this finding
F12
The daily data backups are not encrypted on the removable backup media.
Related Recommendations (1)
R03
When backing-up data, all files should be encrypted before release outside of the ISD. Only designated security personnel within ISD should have access to the related decryption keys. (C-03) Responses Responses Required From: Ventura County Information Services Department (R-01, R-02, and R-03) Bibliography References Ref-01. The map is available via the Web at . Ref-02. “Data storage firm apologizes for loss of railroad data tapes”, The Boston Globe, April 28, 2006. This article describes how removable media containing sensitive archived employee data of the Long Island Railroad were lost by or stolen from the archiving firm Iron Mountain, Inc. The article also cites prior such losses by Bank of America and Fidelity Investments and indicates that 75 such losses occurred nationally in the first four months of 2006. (This page intentionally blank)
F13
Under a contract with ISD, a commercial service picks up removable media containing backed-up data and stores these media in a remote archive.
No recommendations for this finding
F14
The loss or theft of removable data media is a recognized problem affecting financial institutions, government agencies, colleges, and other organizations. Instances of this loss may lead to the compromise of sensitive data and the possibility of identity theft using those data [Ref-02]. Conclusions C-01. In the event of a flood or earthquake, the County is at risk of losing the ability to conduct business through its computer systems, not only in the main ISD facility in the Hall of Administration but also in backup facilities in the Jail and at the Camarillo Airport. (F-01, F-02, F-04, F-05, F-06, F-07, F-08, F-09,
No recommendations for this finding

Conclusions 2

Agency Responses 1

Government agencies' official responses to this report's findings and recommendations. Click on a response to see the structured breakdown.