Report finds California government IT security flaws

California's state auditor raised alarms about information security in some state offices and called for additional oversight and regular assessments.

The report from Auditor Elaine Howle comes in the midst of scrutiny of how companies and governments alike handle the data of customers and citizens and as governments grapple with the threat of hackers who might steal information or shut down computer systems.

Howle's office surveyed 33 government entities that aren’t currently required to meet the sort of information security standards mandated for cabinet-level departments and other executive branch agencies. The auditor's office found what it labeled "high risk deficiencies" at 21 of those entities.

While state agencies in the executive branch of government must typically follow information security standards prescribed by the California Department of Technology, the offices of directly elected officials and other branches like the judiciary don’t necessarily have to abide by those same standards. While many do, the report argued most of those aren’t adequately addressing information security.