This audit found the Province of Manitoba is not adequately controlling privileged access rights to prevent unauthorized users from accessing its information systems.
We looked at the controls in place to manage privileged access for information systems within the Department of Labour, Consumer Protection and Government Services, and at Shared Health.
Adequate controls are needed to ensure only authorized users have privileged access to these systems, allowing them to modify users’ privileges, change system configurations, and alter security settings.
Without adequate controls, there is a greater risk that cyber threat actors could gain privileged access, resulting in data theft, operational disruptions, system outages, and financial losses.
We found the Province is not adequately controlling privileged access rights to prevent unauthorized access to its information systems. Our IT audit report includes 5 recommendations.
Published: October 2022
Sector: Government Operations
Click here to view a short video of Auditor General Tyson Shtykalo discussing the report:
REPORT AT A GLANCE
