Determine whether the District’s information technology (IT) system was adequately secured and protected against unauthorized use, access and loss.
- Employees accessed websites for social networking, shopping, travel, entertainment and blogging.
- District officials did not properly secure the server room.
In addition, sensitive IT control weaknesses were communicated confidentially to District officials.
- Develop procedures and controls that restrict access to inappropriate websites.
- Secure the server room so that only authorized individuals have access.
District officials agreed with our recommendations and indicated they have begun to initiate corrective action.