The City Auditor’s Office contracted with Berry Dunn McNeil & Parker, LLC (BerryDunn) for a wireless network security audit to evaluate the design, implementation, and effectiveness of the wireless network controls. This work included a governance review of policies and procedures, and a technical review of the related security controls.
The governance review recommended formalizing hardening standards for wireless network components, defining log retention periods, and updating technology policies and procedures annually.
No significant issues were identified in the vulnerability assessment. Overall, security, encryption, and authentication protocols implemented were at acceptable levels for enterprise class wireless networks. Recommended configuration enhancements included not reusing passphrases and reducing the number of wireless IDs used.
The department agreed with the recommendations and plans to complete implementation by the end of calendar year 2023.