Determine whether Springville-Griffith Institute Central School District (District) officials adequately secured access to the network, student information and financial applications.
Although District officials restricted access to the student information application, they did not adequately secure access to the network and financial application. District officials did not:
- Disable unnecessary generic network user accounts.
- Properly restrict user permissions in the financial application.
In addition, sensitive information technology (IT) control weaknesses were communicated confidentially to District officials.
- Review generic network user accounts and ensure that unnecessary accounts are disabled.
- Review financial application user accounts and limit access rights and permissions based on a user’s job responsibilities and to properly segregate duties.
District officials agreed with our findings and recommendations and indicated that they planned to take corrective action.