[ISN] School computer security at risk

From: InfoSec News (alerts@private)
Date: Wed Sep 12 2007 - 23:07:12 PDT


http://www.democratandchronicle.com/apps/pbcs.dll/article?AID=/20070912/NEWS01/709120339/1002/NEWS

By Ernst Lamothe Jr.
Staff writer
September 12, 2007

GATES - The Gates Chili Central School District needs to better control 
unauthorized access to its information technology computer rooms that 
could result in someone altering records or essential data being lost, 
according to a recent state Comptroller's Office report.

The audit examined seven schools within the district from July 1, 2005, 
to Feb. 27, 2007.

Currently, the district does not keep a log of who enters server rooms, 
which makes its computer systems and equipment vulnerable to any 
intruder. In addition, the district's network servers are scattered in 
seven rooms, with only two of the doors being locked.

Auditors recommended locking doors at all times to enhance security, as 
well as documenting the arrival and departure of visitors having access 
to the server rooms.

"The audit found that the school district systems were at risk because 
of not properly securing the area where the computers were stored. They 
also failed to have a disaster recovery plan in place," said Emily 
DeSantis of the Comptroller's Office.

The report also showed Gates Chili spent $44,226 for meals and 
refreshments during the audit period without having a procedure to 
document why the district needed to pay the costs. The Comptroller's 
Office plans to audit every state school district by March 2010.

"We look into various areas for schools such as payroll or purchasing 
procedures and we audit the areas that are most at risk," said DeSantis.

Superintendent Richard Stein sent a letter last month to the state 
office saying the school district will implement several corrective 
actions. Those plans include the board adopting procedures to restrict 
access to its information technology system.

The policy will also require that the system be located in a ventilated 
area that is protected from unauthorized access. The board plans to 
develop a formal disaster recovery plan that provides guidance on 
preventing computer data loss and improving record recovery methods. 
Stein said the board will forward a plan to the Comptroller's Office by 
mid-November.


____________________________________
Visit the InfoSec News Bookstore
http://www.shopinfosecnews.org



This archive was generated by hypermail 2.1.3 : Wed Sep 12 2007 - 23:20:52 PDT