Oyster Bay-East Norwich Central School District - Information Technology (2018M-22)

Issued Date

June 01, 2018

Audit Objective

Determine whether District officials ensured that the personal, private and sensitive information (PPSI)1 maintained on the District’s financial server was adequately protected from unauthorized access, use and loss.

Key Findings

District officials did not:

Provide cybersecurity awareness training to all employees.
Disable or remove unnecessary user accounts in a timely manner.

Sensitive information technology (IT) control weaknesses were communicated confidentially to officials.

Key Recommendations

Provide employees with periodic cybersecurity awareness training.
Ensure user accounts are disabled or deleted as soon as no longer needed.
Address the IT recommendations communicated confidentially.

District officials generally agreed with our recommendations and have initiated, or indicated they planned to initiate, corrective action.

Background

The Oyster Bay-East Norwich Central School District (District) serves the Town of Oyster Bay in Nassau County. The Board of Education (Board), which comprises seven elected members, is responsible for the general management and control of the District’s educational and financial affairs. The Superintendent of Schools, the District’s chief executive officer, along with the Assistant Superintendent for Finance and Operations, are responsible for the District’s day-to-day management under the Board’s direction.

Quick Facts
Schools	3
Students	1,573
Employees	458

Audit Period

July 1, 2015 – October 23, 2017