A recent audit of the Maryland Department of Information Technology (DoIT) revealed that the agency has not yet fully complied with certain state laws to help ensure that information security goals are being met. According to the report, the DoIT had not yet fully implemented a system by which it would coordinate information technology security protocols across all state agencies, instead delegating this task to other, subordinate agencies. In turn, this led to none of these agencies fully meeting the IT security requirements developed by the state.
Unfortunately, the lack of effective implementation procedures for IT security requirements may have put some of the state’s sensitive data at risk. If it later comes to light that the DoIT’s lax security measures resulted in such a situation, lawyers for the state may be forced to initiate legal action. This illustrates the overwhelming importance of having effective guidelines and enforcement procedures in place.