Audit Objective
Determine whether College officials adequately safeguarded the College website, financial and student information system and online banking from unauthorized access and misuse.
Key Findings
- The College has:
  - 824 network user accounts (15 percent) that have not been used within the last six months and do not match current employees.
  - Four network user accounts with unnecessary administrative permissions and 131 financial and student information system user accounts with questionable permissions.
- Employees responsible for safeguarding the College website are not required to attend cybersecurity training.
In addition, sensitive information technology (IT) control weaknesses were communicated confidentially to College officials.
Key Recommendations
- Enforce written policy for managing network and system access.
- Ensure employees receive relevant cybersecurity training at least annually.
- Address the confidentially communicated IT recommendations.
College officials generally agreed with our recommendations and have initiated or indicated they planned to initiate corrective action.