[read complete report - pdf]

Audit Objective

Determine whether Highland Falls-Fort Montgomery Central School District (District) officials adequately managed and secured network user accounts.

Key Findings

The Technology Department could improve how they manage and secure network user accounts. Specifically:

• They did not establish comprehensive written procedures for managing network user accounts.
• Forty-eight network user accounts, including 22 non-student accounts, 16 generic accounts, and 10 student accounts, were unneeded and should have been disabled.

Sensitive information technology (IT) control weaknesses were communicated confidentially to officials.

Key Recommendations

• Establish comprehensive written procedures for managing network user accounts.
• Regularly review enabled network user accounts and ensure that unneeded user accounts are immediately disabled.

District officials agreed with our recommendations and have indicated they planned to initiate corrective action.