The Security Self- Assessment is intended to help personnel responsible for the day-to-day management of IT operations exercise effective IT operation oversight. The Self-Assessment addresses key areas of IT internal controls such as policy, training, access and contingency planning.

From 2019 through July 31, 2023, DiNapoli’s Local Government and School Accountability division released more than 190 information technology (IT) audits, finding more than 2,400 cybersecurity-related issues. The audits focused on breakdowns or gaps in fundamental cybersecurity components. The most common areas where improvement and corrective action were needed included cybersecurity governance aspects such as training in IT security awareness, policies and procedures, and the need for contingency plans.

The purpose of this bulletin is to provide accounting and financial reporting guidance for subscription-based information technology arrangements (SBITAs) and illustrate how local governments and school districts will need to account for and report these SBITAs in the Annual Financial Report (AFR) and the ST-3. | Reasonably Certain Template [.xlsx]

The City of Schenectady recently began installing energy saving LED street lights and expanding wireless connectivity to certain neighborhoods as part of its Smart City Project. Other local governments across New York State are also turning to new technologies to save money, better communicate with residents and allow taxpayers to make payments online. The report notes that local government leaders should be prepared to systematically address the heightened need for cybersecurity, particularly concerning smart infrastructure devices and related data.

As New York State struggles to meet the challenges of its current fiscal crisis, State policy makers must find ways to encourage growth in various sectors of the State’s economy to ensure the long-term fiscal health of the State. Small businesses – including those owned by minorities and women – are a vital part of that economy.

Along with technological advances comes the responsibility to protect confidential information adequately so that it cannot be accessed by unauthorized individuals. Failure to do so can come at a considerable financial cost.

The purpose of this guidance is to provide a basic overview of wireless technology and security. There are a number of steps that local governments and school districts can take to help mitigate the risks of wireless technology. Although wireless environments and their related security systems can be quite complex, a government personnel can implement effective controls with relative ease and without incurring additional cost.

Malicious software, or malware, refers to software programs that are designed to harm computer systems. These programs can wreak havoc on both systems and electronic data by, for example, deleting files, gathering sensitive information such as passwords without the computer user’s knowledge and making systems inoperable. Computer users can inadvertently install malware on their computers by many methods, including opening email attachments, downloading content from the Internet or merely visiting infected websites.

The following guidance is intended to make oversight less daunting by providing a path for understanding and strengthening IT internal controls.

The impact of an unplanned IT disruption involving the corruption or loss of data or other computer resources could significantly curtail an organization’s operations. Proactively anticipating and planning for IT disruptions prepares personnel for the actions they must take if this happens.