Information Technology

Information Technology Governance Security Self-Assessment Form

The Security Self- Assessment is intended to help personnel responsible for the day-to-day management of IT operations exercise effective IT operation oversight. The Self-Assessment addresses key areas of IT internal controls such as policy, training, access and contingency planning.

New York Local Government and School Cybersecurity: A Cyber Profile

From 2019 through July 31, 2023, DiNapoli’s Local Government and School Accountability division released more than 190 information technology (IT) audits, finding more than 2,400 cybersecurity-related issues. The audits focused on breakdowns or gaps in fundamental cybersecurity components. The most common areas where improvement and corrective action were needed included cybersecurity governance aspects such as training in IT security awareness, policies and procedures, and the need for contingency plans.

Accounting and Financial Reporting for Subscription-Based Information Technology Arrangements (SBITAs) as Required by GASB Statement No. 96

The purpose of this bulletin is to provide accounting and financial reporting guidance for subscription-based information technology arrangements (SBITAs) and illustrate how local governments and school districts will need to account for and report these SBITAs in the Annual Financial Report (AFR) and the ST-3. | Reasonably Certain Template [.xlsx]

Smart Solutions Across the State: Advanced Technology in Local Governments

The City of Schenectady recently began installing energy saving LED street lights and expanding wireless connectivity to certain neighborhoods as part of its Smart City Project. Other local governments across New York State are also turning to new technologies to save money, better communicate with residents and allow taxpayers to make payments online. The report notes that local government leaders should be prepared to systematically address the heightened need for cybersecurity, particularly concerning smart infrastructure devices and related data.

Taking Affirmative Action to Improve New York State’s MWBE Program

As New York State struggles to meet the challenges of its current fiscal crisis, State policy makers must find ways to encourage growth in various sectors of the State’s economy to ensure the long-term fiscal health of the State. Small businesses – including those owned by minorities and women – are a vital part of that economy.

Wireless Technology and Security

The purpose of this guidance is to provide a basic overview of wireless technology and security. There are a number of steps that local governments and school districts can take to help mitigate the risks of wireless technology. Although wireless environments and their related security systems can be quite complex, a government personnel can implement effective controls with relative ease and without incurring additional cost.

Ransomware

Malicious software, or malware, refers to software programs that are designed to harm computer systems. These programs can wreak havoc on both systems and electronic data by, for example, deleting files, gathering sensitive information such as passwords without the computer user’s knowledge and making systems inoperable. Computer users can inadvertently install malware on their computers by many methods, including opening email attachments, downloading content from the Internet or merely visiting infected websites.

Information Technology Contingency Planning

The impact of an unplanned IT disruption involving the corruption or loss of data or other computer resources could significantly curtail an organization’s operations. Proactively anticipating and planning for IT disruptions prepares personnel for the actions they must take if this happens.