http://www.dailyherald.com/kane/main_story.asp?intID=3775583 By Charles Keeshan Daily Herald Staff Writer Posted May 14, 2003 McHenry County has no plan for how it would recover and reinstate tax records, property deeds and thousands of other files stored on its computers should the county government center in Woodstock suffer a natural or technological disaster. That was one of several criticisms leveled Tuesday at the county's Information Technology Department by an auditor examining how the county conducted its business during the last fiscal year. The department also lacks proper supervision, does not have adequate security measures in place and acts too slowly to deny fired workers access to county computers, according to the audit. "Procedures and controls need to be strengthened over at (Information Technology)," said Linda Abernathy, a representative of the county's auditing firm McGladrey and Pullen. The critique of the Information Technology Department was about the only fault in county practices Abernathy highlighted Tuesday when she detailed her firm's 160-page comprehensive annual financial report to the county board's finance committee. The findings were not unexpected by committee members or Information Technology Director Tom Sullivan, who said they're aware of the problems and are addressing them as quickly as possible. "I don't think there's anything in there that really surprises us," Sullivan said. "We're working on these things and we have to allocate some dollars to make it happen." Finance committee Chairman Marc Munaretto said the county is taking the criticism seriously and hopes to fix the problems outlined in the audit report by the end of the year. According to the report, auditors found three main flaws with how the county's information technology department - in charge of all computers and related technology - operates. First among them was the lack of a plan to keep county operations functioning in the event of severe computer problems. "Although tape back-up storage is maintained off-site, there is no written disaster recovery plan addressing such things as a site where to operate, how to procure necessary hardware, how much hardware would be necessary, how to install the backed-up information, testing the plan and responsibility for executing the plan," the report states. The report also outlines security issues with information technology, including employees sharing their passwords with co-workers, leaving their work stations unattended and poor monitoring of employees' computer usage. Munaretto said the security issues will be addressed, but noted there have not been any problems because of a lack of security to date. "We're not aware of one incident in which there's been unauthorized access (to the county network)," he said. In a written response to the report, Sullivan states that his department does not have the resources to properly monitor the computer usage of county workers. Sullivan also states that the creation of a disaster plan is in the works, but that implementing it would require additional funding to his department.Computer: Director says more staffing required - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu May 15 2003 - 03:03:58 PDT