Readers may want to read the full LaFargeville report, linked below, because it provides information to school districts about best practices and recommendations for how to accomplish certain security goals.
LaFargeville Central School District – Information Technology (Jefferson County)
Key Findings
District officials did not establish adequate IT controls over physical IT assets and non-student user account access to the District’s network. In addition to sensitive IT control weaknesses that were communicated confidentially to officials, we found:
- 235 IT assets costing $108,462 were not recorded in the District’s inventory records, and seven computers, two audio systems, one projector and 10 other electronic components that cost $9,266 could not be found.
- No physical access or environmental controls over the server room.
- Improperly managed network user accounts.
- The District’s disaster recovery plan was outdated, inadequate and not tested.
Read the complete report (pdf).
Otego-Unadilla Central School District – Information Technology (Otsego County)
Key Findings
The Board and District officials did not ensure computerized data was safeguarded. In addition to sensitive IT control weaknesses that we communicated confidentially to District officials, we found:
- The District had 58 unneeded user accounts.
- Officials did not provide IT security awareness training.
- The Board did not adopt a written IT contingency plan.
Read the complete report (pdf)