Skip to Content

Login   Subscribe   Site Index   Contact Us   Google Translate™

NYS Comptroller

THOMAS P. DiNAPOLI

Audits of Local Governments and School Districts

Report Highlights

Suffolk County Community College - Information Technology (2018M-130)

Released: November 30, 2018 -- [read complete report - pdf]

Audit Objective

Determine whether College officials adequately safeguarded the College website, financial and student information system and online banking from unauthorized access and misuse.

Key Findings

  • The College has:
    • 824 network user accounts (15 percent) that have not been used within the last six months and do not match current employees.
    • Four network user accounts with unnecessary administrative permissions and 131 financial and student information system user accounts with questionable permissions.
  • Employees responsible for safeguarding the College website are not required to attend cybersecurity training.

In addition, sensitive information technology (IT) control weaknesses were communicated confidentially to College officials.

Key Recommendations

  • Enforce written policy for managing network and system access.
  • Ensure employees receive relevant cybersecurity training at least annually.
  • Address the confidentially communicated IT recommendations.

College officials generally agreed with our recommendations and have initiated or indicated they planned to initiate corrective action.

Background

The Suffolk County Community College (College) is governed by a Board of Trustees (Board), which is composed of nine appointed members and one elected student trustee. The Board is responsible for the general oversight of operations including adopting policies to safeguard IT assets.

The Vice President for IT Services oversees IT operations and is responsible for securing IT assets, including the website and the financial and student information system. The Vice President for Business and Financial Affairs, is responsible for overseeing business operations which includes online banking.

Quick Facts
2017-18 IT Appropriations $8.1 million
Employees 5,002
Servers 82
Computers (including laptops and tablets) 4,571
Network User Accounts 5,426

Audit Period

September 1, 2015 – October 31, 2017


Local Government and School Accountability Contact Information:

Phone: (518) 474-4037; Email: localgov@osc.ny.gov
Address: Office of the State Comptroller, Division of Local Government and School Accountability
110 State Street, 12th Floor; Albany, NY 12236