[read complete report - pdf]

Audit Objective

Determine whether City of Peekskill (City) officials ensured information technology (IT) systems were adequately secured and protected against unauthorized use, access and loss.

Key Findings

Officials did not adequately secure and protect the City’s IT systems against unauthorized use, access and loss.

• Adequate IT policies and a disaster recovery plan were not developed or adopted.
• Internet usage was not monitored and the Acceptable Use Policy (AUP) which describes what constitutes appropriate and inappropriate use of IT resources was not enforced.
• Network User Accounts were not adequately managed.
• IT security awareness training was not provided.

Sensitive IT control weaknesses were communicated confidentially to officials.

Key Recommendations

• Adopt comprehensive IT policies and a disaster recovery plan.
• Provide periodic IT security awareness training to all employees who use IT resources.

District officials generally agreed with our recommendations and indicated they plan to initiate corrective action.