ALBANY – An audit by the State Comptroller’s Office has determined that City of Peekskill officials did not adequately secure and protect the city’s information technology systems against unauthorized use, access and loss.
The audit found:
- Adequate IT policies and a disaster recovery plan were not developed or adopted.
- Internet usage was not monitored and the Acceptable Use Policy which describes what constitutes appropriate and inappropriate use of IT resources was not enforced.
- Network User Accounts were not adequately managed.
- IT security awareness training was not provided.
It also said sensitive IT control weaknesses were communicated confidentially to officials.
Key recommendations include adopting comprehensive IT policies and a disaster recovery plan, and providing periodic IT security awareness training to all employees who use IT resources.
City officials generally agreed with the recommendations of the audit and indicated they plan to initiate correction action.