Determine whether the Board and District Officials ensured District information technology (IT) assets and computerized data were safeguarded.
- The Board and District officials have not adopted adequate IT security policies and procedures.
- District officials did not provide IT security awareness training for District employees.
In addition, sensitive IT control weaknesses were communicated confidentially to District officials.
- The Board and District officials should adopt comprehensive IT security policies, procedures and plans to safeguard computerized assets and data.
- Provide periodic IT security awareness training to personnel who use IT resources.
District officials generally agreed with our recommendations and indicated they are in the process of taking corrective action.