DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Audit of Broome County discusses need for control of USB devices

Posted on May 23, 2014 by Dissent

The Office of the NYS Comptroller has released its audit of Broome County‘s information technology for the period January 1, 2012 — August 20, 2013.  From their summary:

Local governments use and maintain data that contains PPSI. PPSI is any information where unauthorized access, disclosure, modification, destruction or disruption of access or use could severely impact the County’s critical functions, employees, customers or third parties or the citizens of New York. For example, private information could include the following: Social Security number; driver’s license number or non-driver ID; account number, credit card or debit card number and security code, access code or password that permits access to an individual’s financial account. With the advancement of modern technology, the safeguarding of PPSI has become increasingly critical. Policies regarding the protection of PPSI should be developed and enforced by IT officials, including but not limited to the use of removable USB storage devices. If IT controls are unable to prevent the use of unauthorized or unencrypted storage devices, the risk to data security is significant.

We found that while the County does have a policy regarding USB removable media, they are not monitoring or enforcing the policy. County IT officials told us that each department has the ability to order office supplies, including USB removable media on account. The IT Department does not have the capability to monitor or prevent unauthorized use of USB removable devices while still being able to allow authorized devices to operate. County IT officials also stated they did not aggressively monitor the use of USB media because it was determined that they are integral for some departments’ operations.

You can access the audit report here (pdf).

Category: Commentaries and AnalysesGovernment Sector

Post navigation

← San Diego State University notifies students of information exposure
Why Investors Just Don’t Care About Data Breaches →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Banks Want SEC to Rescind Cyberattack Disclosure Requirements
  • MathWorks, Creator of MATLAB, Confirms Ransomware Attack
  • Russian hospital programmer gets 14 years for leaking soldier data to Ukraine
  • MSCS board renews contract with PowerSchool while suing them
  • Iranian Man Pleaded Guilty to Role in Robbinhood Ransomware
  • Developments surrounding data breach at Dutch police
  • Estonia launches international search for Moroccan citizen wanted over data theft
  • Now it’s Tiffany: Another LVMH luxury brand hit by hackers
  • Dutch Government: More forms of espionage to be a criminal offence from 15 May onwards
  • B.C. health authority faces class-action lawsuit over 2009 data breach (1)

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The CCPA emerges as a new legal battleground for web tracking litigation
  • U.S. Spy Agencies Are Getting a One-Stop Shop to Buy Your Most Sensitive Personal Data
  • Period Tracking App Users Win Class Status in Google, Meta Suit
  • AI: the Italian Supervisory Authority fines Luka, the U.S. company behind chatbot “Replika,” 5 Million €
  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says
  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.