DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Audit of Broome County discusses need for control of USB devices

Posted on May 23, 2014 by Dissent

The Office of the NYS Comptroller has released its audit of Broome County‘s information technology for the period January 1, 2012 — August 20, 2013.  From their summary:

Local governments use and maintain data that contains PPSI. PPSI is any information where unauthorized access, disclosure, modification, destruction or disruption of access or use could severely impact the County’s critical functions, employees, customers or third parties or the citizens of New York. For example, private information could include the following: Social Security number; driver’s license number or non-driver ID; account number, credit card or debit card number and security code, access code or password that permits access to an individual’s financial account. With the advancement of modern technology, the safeguarding of PPSI has become increasingly critical. Policies regarding the protection of PPSI should be developed and enforced by IT officials, including but not limited to the use of removable USB storage devices. If IT controls are unable to prevent the use of unauthorized or unencrypted storage devices, the risk to data security is significant.

We found that while the County does have a policy regarding USB removable media, they are not monitoring or enforcing the policy. County IT officials told us that each department has the ability to order office supplies, including USB removable media on account. The IT Department does not have the capability to monitor or prevent unauthorized use of USB removable devices while still being able to allow authorized devices to operate. County IT officials also stated they did not aggressively monitor the use of USB media because it was determined that they are integral for some departments’ operations.

You can access the audit report here (pdf).

Category: Commentaries and AnalysesGovernment Sector

Post navigation

← San Diego State University notifies students of information exposure
Why Investors Just Don’t Care About Data Breaches →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Plastic surgeons often store nude photos of patients with their identity information. When would we call that “negligent?”
  • India: Servers of two city hospitals hacked; police register FIR
  • Ph: Coop Hospital confirms probe into reported cyberattack
  • Slapped wrists for Financial Conduct Authority staff who emailed work data home
  • School Districts Unaware BoardDocs Software Published Their Private Files
  • A guilty plea in the PowerSchool case still leaves unanswered questions
  • Brussels Parliament hit by cyber-attack
  • Sweden under cyberattack: Prime minister sounds the alarm
  • Former CIA Analyst Sentenced to Over Three Years in Prison for Unlawfully Transmitting Top Secret National Defense Information
  • FIN6 cybercriminals pose as job seekers on LinkedIn to hack recruiters

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Anne Wojcicki Wins Bidding for 23andMe
  • Would you — or wouldn’t you?
  • New York passes a bill to prevent AI-fueled disasters
  • Synthetic Data and the Illusion of Privacy: Legal Risks of Using De-Identified AI Training Sets
  • States sue to block the sale of genetic data collected by DNA testing company 23andMe
  • AI tools collect and store data about you from all your devices – here’s how to be aware of what you’re revealing
  • 23andMe Privacy Ombudsman Urges User Consent Pre-Data Sale

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.