Audit Objective

Determine whether Hilton Central School District (District) officials ensured network access controls were adequate.

Key Findings

District officials did not ensure that network access controls were adequate. As a result, data and personal, private and sensitive information (PPSI) are at greater risk for unauthorized access, misuse or loss. In addition to sensitive network access control weaknesses that we confidentially communicated to officials, we found that:

• District officials did not establish written policies or adequate written procedures for managing network user account access, including adding or disabling user accounts and permissions.
• The District had 230 unneeded enabled network user accounts, including those for former students, former employees and others who were no longer providing services to the District.

Key Recommendations

• Establish adequate written policies and procedures for managing network user account access.
• Regularly review network user accounts and disable unneeded accounts in a timely manner.

District officials agreed with our findings and indicated they have initiated corrective action.