[read complete report here - pdf]
Audit Objective
Determine whether Bayport-Blue Point Union Free School District (District) officials established adequate nonstudent network user account controls.
Key Findings
District officials did not establish adequate network controls for nonstudent user accounts to help prevent unauthorized access. As a result, the District has an increased risk of unauthorized access to and use of the District network and potential loss of important data. In addition to sensitive information technology (IT) control weaknesses that were confidentially communicated to officials, we found the Database Coordinator did not:
- Disable 281 nonstudent network user accounts that are unneeded or unnecessary to prevent unauthorized access and use.
Key Recommendations
- Disable unneeded or unnecessary network user accounts as soon as they are no longer needed and regularly review network user accounts for necessity.
District officials generally agreed with our recommendations and have initiated or indicated they planned to initiate corrective action. Appendix B includes our comments on issues raised in the District’s response letter.