Cazenovia Central School District - Information Technology (2019M-46)

Issued Date

July 03, 2019

Audit Objective

Determine whether District officials ensured that the personal, private and sensitive information (PPSI) on District servers and in the financial system was adequately protected from unauthorized access, use and loss.

Key Findings

District officials did not:

Provide cybersecurity awareness training to employees.
Disable and/or remove unnecessary user accounts on the network.
Properly manage PPSI data.

Sensitive information technology (IT) control weaknesses were communicated confidentially to officials.

Key Recommendations

Provide employees with periodic cybersecurity awareness training.
Adopt policies and procedures for adding, deleting and modifying user access rights.
Inventory, classify and develop controls over PPSI maintained and collected by the District.

District officials agreed with our recommendations and indicated they would initiate corrective action.

Background

Cazenovia Central School District (District) serves the Towns of Cazenovia, Fenner, Georgetown, Lincoln, Nelson and Sullivan in Madison County and the Town of Pompey in Onondaga County. The Board of Education (Board), which is composed of seven elected members, is responsible for the general management and control of the District’s educational and financial affairs. The Superintendent of Schools (Superintendent) is the chief executive officer and is responsible, along with other administrative staff, for the day-to-day management under the Board’s direction.

The District’s IT Department consists of a Technology Coordinator, who works remotely from South Carolina, two computer services technicians, a computer support technician and a computer support specialist.

Quick Facts
Number of Schools	3
Number of Students	1,432
Number of Employees	334
2018-19 Budget Appropriations	$29.7 million
Employee and Student User Accounts	1,840

Audit Period

July 1, 2017 – August 31, 2018