NYS Comptroller finds some significant lapses in HCSD IT security
MidHudson News is reporting an audit conducted by the state comptroller's office of the Hudson City School District's information technology systems has found that district officials failed to adequately secure and protect its IT systems against unauthorized use, access and loss. The audit also found the school board and district officials did not adopt adequate IT policies or a disaster recovery plan. They did not ensure the acceptable use policy was complied with, monitor the use of IT resources or provide IT security awareness training. The comptroller's office also determined there was questionable Internet usage on four of six computers tested. District officials also failed to disable 123 of the 462 enabled network accounts the auditors examined. The 123 user accounts were unneeded and included generic and former employee accounts. The comptroller's office noted that other, more sensitive IT control weaknesses were communicated confidentially to school officials. It was recommended the Hudson district adopt comprehensive IT policies and a disaster recovery plan; provide periodic IT security awareness training; and develop written procedures for managing system access. In a written response to the report, Hudson Superintendent Maria Suttmeier responded that at the time of the audit, "...planning was already underway to address many of the identified deficiencies. Therefore, the district has already complied with many of the recommendations in the audit. The district was and still is in the process of transitioning and transforming its IT operations beginning with a change in staffing and related services. ..." The period covered by the audit was from July 1, 2018 through January 31, 2020. Read the full story at MidHudsonNews [dot] com.