Audit Objective
Determine whether Port Byron Central School District (District) officials ensured network user account controls were secure.
Key Findings
District officials did not ensure that the District’s network user account controls were secure.
- District officials did not establish written policies or procedures to add or disable user accounts.
- The District had a total of 19 unneeded network user accounts including 14 non-student accounts, four shared accounts and one generic account.
Sensitive information technology (IT) control weaknesses were communicated confidentially to officials.
Key Recommendations
- Establish written policies or procedures for managing network user accounts.
- Regularly review network user accounts and disable those that are unnecessary.
- Routinely evaluate shared user accounts and disable those that are no longer needed.
Officials generally agreed with our recommendations and initiated or indicated they plan to initiate corrective action.