DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Port Jefferson Union Free School District IT assets not adequately secured – audit

Posted on April 24, 2014 by Dissent

As it has done with other school districts, the NYS Comptroller’s Office has released its audit of Information Technology for the Port Jefferson Union Free School District. The audit covered the period July 1, 2012 — August 31, 2013.

Here’s a snippet from their report findings:

The Board and District officials need to improve controls over the District’s IT assets. The Board has not established a computer use policy for employees to define appropriate user behavior or procedures to ensure the security of the District’s IT system. The Treasurer has administrative rights to the District’s financial software that allow her to control and use all aspects of the financial software application, which creates the opportunity for the manipulation and concealment of transactions. Also, the District’s vendor master file is outdated with inactive vendors and duplicate names for the same vendors.

In addition, the District has no controls in place over remote access, such as user authorizations, policies or monitoring, and has not enabled the audit trail function for its network operating system. Therefore, the District cannot ensure accountability for unauthorized users, reconstruction of events, intrusion detection, and problem identification. Finally, physical security over the District’s server room is inadequate, and the District’s computer asset inventory record is incomplete and inaccurate. As a result, the District’s IT resources are subject to an increased risk of unauthorized access, manipulation, theft and loss.

You can read the full report and recommendations here (pdf). Because of the sensitive nature of the information involved, not all details were disclosed in the report, but a list of recommendations was included.

Category: Commentaries and AnalysesEducation SectorU.S.

Post navigation

← 150 doctors target of tax fraud in NH, Vt., Shaheen says
Ca: Federal Privacy Commissioner’s Office loses backup drive with personal information →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • CISA Alert: Updated Guidance on Play Ransomware
  • Almost one year later, U.S. Dermatology Partners is still not being very transparent about their 2024 breach
  • Oklahoma Expands its Security Breach Notification Law
  • Ransomware group Gunra claims to have exfiltrated 450 million patient records from American Hospital Dubai.
  • North Shore University Sleep Disorders Center employee charged with secretly recording patients in restrooms
  • When ransomware listings create confusion as to who the victim was
  • Rajkot civic body’s GIS website hit by cyber attack, over 400 GB data feared stolen
  • Taiwan’s BitoPro hit by NT$345 million cryptocurrency hack
  • Texas gastroenterology and surgical practice victim of ransomware attack
  • Romanian Citizen Pleads Guilty to ‘Swatting’ Numerous Members of Congress, Churches, and Former U.S. President

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant
  • US State Dept. says silence or anonymity on social media is suspicious
  • Florida ban on kids using social media likely unconstitutional, judge rules
  • State Data Minimization Laws Spark Compliance Uncertainty

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.