ebook img

Criminal Justice Information Network (CJIN), Department of Justice : information system audit PDF

2004·0.53 MB·English
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Criminal Justice Information Network (CJIN), Department of Justice : information system audit

s 353.39 L72aiN 2004 Legislative Audit Division State ofMontana Report to the Legislature November 2004 Information System Audit Criminal Justice Information Network (CJIN) Department ofJustice This report contains the results ofan information system audit ofthe Department ofJustice CJIN operation. The report contains four recommendations to strengthen CJIN security. Direct comments/inquiries to: Legislative Audit Division Room 160, State Capitol PO Box 201705 04DP-08 Helena MT 59620-1705 Help ehminate fraud, waste, and abuse in state government. Call the Fraud Hotline at 1-800-222-4446 statewide or 444-4446 in Helena. MontanaStateLibrary '" ")!!'!"|i'i|ir 3 0864 1003 2654 8 INFORMATION SYSTEM AUDITS Information System (IS) audits conducted by the Legislative Audit Division are designed to assess controls in an IS environment. IS controls provide assurance overthe accuracy, reliability, and integrity ofthe information processed. From the audit work, a determination is made as to whethercontrols exist and are operating as designed. Inperformingthe audit work, the audit staff uses audit standards set forthbythe United States Government Accountability Office. Members ofthe IS audit staffhold degrees in disciplines appropriate to the audit process. Several staffhold certifications in information industry practices and auditing. Areas ofexpertise include business, accounting and computer science. IS audits are performed as stand-alone audits ofIS controls or inconjunction with financial- compliance and/orperformance audits conducted by the office. These audits are done underthe oversight ofthe Legislative Audit Committee which is abicameral and bipartisan standing committee ofthe Montana Legislature. The committee consists ofsix members ofthe Senate and six members ofthe House ofRepresentatives. MEMBERS OF THE LEGISLATIVE AUDIT COMMITTEE SenatorJohn Cobb Representative Dee Brown SenatorMike Cooney Representative TimCallahan SenatorJim Elliott, Vice Chair Representative Hal Jacobson SenatorJohn Esp Representative John Musgrove SenatorDanHarrington Representative JeffPattison, Chair SenatorCorey Stapleton Representative Rick Ripley LEGISLATIVE AUDIT DIVISION Scott A. Seacat, Legislative Auditor Deputy Legislative Auditors: John W. Northey, Legal Counsel JimPellegrini, Performance Audit & Tori Hunthausen, IS Audit Operations James Gillett, Financial-Compliance Audit November 2004 The Legislative Audit Committee ofthe Montana State Legislature: TheLegislative Audit Division Information Systems auditors conducted anaudit ofthe Montana Department ofJustice Criminal Justice InformationNetwork. The audit was limited to the review ofDepartment ofJustice compliance with state statutes requiring system security. This report contains four recommendations addressing Department ofJustice security controls operation. Department ofJustice management's response to these recommendations is located at the end of thereport. Respectfiilly submitted, Scott A. Seacat Legislative Auditor Room 160, StateCapitol BuildingPO Box201705 Helena, MT 59620-1705 Phone(406)444-3122 FAX (406)444-9784 E-Mail [email protected] Digitized by the Internet Archive in 2010 with funding from IVIontana State Library http://www.archive.org/details/criminaljusticei2004mont Legislative Audit Division Information System Audit Criminal Justice Information Network (CJIN) Department ofJustice Members ofthe audit staffinvolved in this audit were George R. Brown, Charles Nemec, and Dale Stout. Table of Contents Elected, Appointed andAdministrative Officials ii Chapter 1 - Introduction and Background 1 Introduction and Background 1 ReasonablePrecautions 1 Compliance Requirements 2 Audit Objective, Scope, and Methodology 3 Results 4 Chapter 2 - CJIN Security 5 Firewall Operation 5 Firewall Operation and Its Importance 5 Software Updates 6 Software Updates andTheir Importance 6 SecurityPlan 8 Security Planning and Its Importance 8 CJDSf Contingency Plan 9 Contingency Planning and Its Importance 9 Department Response A-1 Department ofJustice A-3 Page i Elected, Appointed and Administrative Officials Department ofJustice Mike McGrath, Attorney General Larry Fasbender, Deputy Director/ChiefofStaff InformationTechnology Services Division Steve Tesinsky, Administrator Criminal Justice Information Service Bureau Nancy Bloom, Acting Bureau Chief Page ii Chapter 1 - Introduction and Background Introduction and The Montana Legislature authorized a permanent law enforcement Background communications system and mandated the Montana Attorney General, who is also Directorofthe Montana Department ofJustice (Justice), to establish and operatethe system. The Montana Department ofJustice built the Criminal Justice Information Network (CJIN) forthis purpose. The Attorney General is vested withthe authorityto administerall operational phases ofCJEN and Department ofJustice staffareresponsible for CJIN's daily operation. CJIN is availableto law enforcement agencies designated in statute, established bythe governor's executive order, orapproved bythe Montana Attorney General. We audited CJINdue to its importance as a primarypublic safety communications system. CJIN cormects local agencies to state criminal history files, state vehicle and driver's license files, and priority or "hot" files. CJESI connects Montanato national agencies such as the Federal Bureau ofInvestigation (FBI) and out-of-state resources such as the National Law Enforcement Telecommunications Systemand the National Crime Information Center (NCIC). CJIN is not only arecord exchange systembut also an identificationtool providing real-time informationto law enforcement officers operating in the field. CJIN is visibleto the public as the tool law enforcement officers use in the fieldto identify people and vehicles. For example, a law enforcement officer accesses CJEN via radio ormobile data terminal when making a traffic stop. Currently, there are approximately 130 Montana law enforcement agencies using CJIN. Reasonable Precautions The legislature established CJIN as a permanent law enforcement telecommunications system in 1967 and laterupdated statutes governing CJIN withthe "Montana Criminal JusticeInformation Act of 1979." Page 1 Chapter 1 - Introduction and Background The 1979 legislature recognized system securitybymandating law enforcement agencies protect criminaljustice information systems undertheircontrol. Statutes require agencies take reasonable precautions and establishprocedures to protect the systemanddata from damage, to prevent damage fromhazards andto recover from hazards. Compliance Requirements State law and written agreement with the U.S. Department ofJustice designate the Montana Department ofJustice as the agency responsible for CJIN. Montana Department ofJustice directly operates the "core" CJIN network, whichholds Montana data and is the entry point forinteracting with agencies outside ofthe state. The "core" end ofthenetworkis located inHelena. Each local law enforcement agency is responsible fordata, staffand equipment security and operationat its end ofthe network. This responsibility is established in a written agreement betweenthe Attorney General and the local agency. Forthis audit, wereviewedCJIN operations to determine ifthe Montana Department ofJustice is meeting statutory intent bytaking reasonable precautions toprotect CJEvT fromhazards. We identified state laws applicable to CJIN and determined that security related statutes arethe important CJIN compliance requirement. Since CJIN is the entry pointto Montana residents' driver's licenses, vehicle records, and criminal file information, CJIN security controls the access to this information. Security is also important because CJIN must be available to law enforcement officers forimmediateuse andprotecting CJIN equipment is essential to maintaining availability. Department ofJustice persormel operate CJIN to comply with state statutory requirements. These key requirements are summarized as follows: Page 2

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.