Determine whether Port Byron Central School District (District) officials ensured network user account controls were secure.
District officials did not ensure that the District’s network user account controls were secure.
- District officials did not establish written policies or procedures to add or disable user accounts.
- The District had a total of 19 unneeded network user accounts including 14 non-student accounts, four shared accounts and one generic account.
Sensitive information technology (IT) control weaknesses were communicated confidentially to officials.
- Establish written policies or procedures for managing network user accounts.
- Regularly review network user accounts and disable those that are unnecessary.
- Routinely evaluate shared user accounts and disable those that are no longer needed.
Officials generally agreed with our recommendations and initiated or indicated they plan to initiate corrective action.