Audit Objective
Determine whether Rockville Centre Union Free School District (District) officials monitored users’ compliance with the District’s acceptable Internet use policy (AUP).
Key Findings
District officials did not monitor users’ compliance with the District’s AUP. Of the 37 network users we reviewed:
- Fifteen network users (41 percent) accessed websites, such as shopping, entertainment and social media, on District computers although the District’s regulations for acceptable Internet use and computer resources and data management state that personal use is prohibited. As a result, the likelihood that a user’s Internet browsing exposes the District to malicious software that may compromise data confidentiality, integrity or availability is increased.
- Fifteen network users (41 percent) did not have signed forms acknowledging they received and reviewed the District’s AUP. This diminishes accountability and the District’s ability to protect District computers and the data contained therein.
- Six nonstudent network users (22 percent) did not receive information technology (IT) security awareness training. As a result, the risk that users will not understand their responsibilities and put personal, private and sensitive information (PPSI) on District computers at greater risk of misuse or loss is increased.
Key Recommendations
- Monitor network users’ Internet use on District computers and enforce compliance with the acceptable Internet use and computer resources and data management regulations.
- Limit the use of IT resources to only include District activities.
District officials generally agreed with our recommendations and indicated they have initiated or plan to initiate corrective action.