HUDSON – Hudson City School District officials did not adequately secure and protect the district’s information technology against unauthorizes use, access and loss, according to an audit by the state comptroller’s office.
The state report said the school board and district officials did not adopt an adequate IT policies or disaster recovery plan; did not ensure the acceptable use policy was complied with monitor, monitor the use of IT resources or provide IT security awareness training (four of six computers tested had questionable Internet use); and did not disable 123 of the 462 enabled network accounts examined.
Those 123 user accounts were unneeded and included generic or former employee accounts.
The state auditors recommended that the district adopt comprehensive IT policies and a disaster recovery plan, and provide periodic IT security awareness training to all employees who use IT resources; and develop written procedures for managing system access.
District officials agreed with the auditors’ recommendations and have initiated or indicated they planned for initiate corrective action.
