Audit Objective
Determine whether Putnam Valley Central School District’s (District) officials ensured information technology (IT) systems were adequately secured and protected against unauthorized use, access and loss.
Key Findings
District officials did not ensure IT systems were adequately secured and protected against unauthorized use, access and loss. Officials did not adopt a password security policy or manage the use of administrative accounts. As a result, the District has an increased risk of unauthorized use or access that could result in important data loss and a serious interruption in operations. Officials did not:
- Adopt an adequate password security policy to address password requirements.
- Create secondary user accounts for the IT system for three employees whose job responsibilities required administrative permissions, to be used for non-administrative activities.
In addition, sensitive IT control weaknesses were communicated confidentially to officials.
Key Recommendations
- Adopt comprehensive password security policy to address password requirements.
- Assess all local user accounts with administrative permissions and create secondary accounts to be used for non-administrative activities.
District officials generally agreed with our recommendations and indicated they planned to take corrective action.