[read complete report - pdf]

Audit Objective

Determine whether Naples Central School District (District) officials ensured network access controls were secure.

Key Findings

District officials did not ensure that the District’s network access controls were secure.

• Officials did not regularly review network user accounts and permissions to determine whether they were appropriate or needed to be disabled.
• The District had 63 unneeded network user accounts that had not been used in at least six months.

In addition, sensitive information technology (IT) control weaknesses were communicated confidentially to officials.

Key Recommendations

• Regularly review network user accounts and disable those that are unnecessary.
• Ensure all IT users have and use their own network user accounts to access the District’s network.

District officials agreed with our recommendations and have initiated or indicated they planned to initiate corrective action.