Background
The Cairo-Durham Central School District (District) serves the Towns of Cairo, Durham, Athens, Catskill, Coxsackie and Greenville in Greene County, Conesville in Schoharie County, and Rensselaerville in Albany County.
The District is governed by a Board of Education (Board) composed of nine elected members. The Board is responsible for developing policies, rules and regulations for managing the District.
The School Network Administrator is responsible for managing the District’s IT access. The District uses network and web resources to support business operations, including financial records, student records, online banking, and communication.
Quick Facts
- Employees 269
- Enrollment 1,200
- 2016-17 Appropriations $28,966,155
- 2016-17 IT Budget $839,022
Audit Period
- July 1, 2015 – June 27, 2017
- We extended our scope to the end of fieldwork (October 6, 2017) to complete computer testing.
So to cut to the chase, here’s a summary of some of the key findings:
The District’s IT policies and procedures were not adequate. Although the District had computer/Internet use policies, they have not been revised for changes in technology since December 2006.
In addition, the Board has not adopted policies and procedures for personal, private and sensitive information (PPSI) data classification, wireless security, managing mobile computing and storage devices, and cybersecurity training.
The District also does not have written procedures for granting, changing and terminating access rights to the networked computer system and to specific software applications.
The District does not provide, or require employees to attend, any formal cybersecurity awareness training. As a result, there is an increased risk that District employees will compromise District IT assets and security, placing the District at greater risk.
Let’s just stop there as this was painful to read. You can access the full report with the district’s response here (pdf).