http://www.democratandchronicle.com/apps/pbcs.dll/article?AID=/20070912/NEWS01/709120339/1002/NEWS By Ernst Lamothe Jr. Staff writer September 12, 2007 GATES - The Gates Chili Central School District needs to better control unauthorized access to its information technology computer rooms that could result in someone altering records or essential data being lost, according to a recent state Comptroller's Office report. The audit examined seven schools within the district from July 1, 2005, to Feb. 27, 2007. Currently, the district does not keep a log of who enters server rooms, which makes its computer systems and equipment vulnerable to any intruder. In addition, the district's network servers are scattered in seven rooms, with only two of the doors being locked. Auditors recommended locking doors at all times to enhance security, as well as documenting the arrival and departure of visitors having access to the server rooms. "The audit found that the school district systems were at risk because of not properly securing the area where the computers were stored. They also failed to have a disaster recovery plan in place," said Emily DeSantis of the Comptroller's Office. The report also showed Gates Chili spent $44,226 for meals and refreshments during the audit period without having a procedure to document why the district needed to pay the costs. The Comptroller's Office plans to audit every state school district by March 2010. "We look into various areas for schools such as payroll or purchasing procedures and we audit the areas that are most at risk," said DeSantis. Superintendent Richard Stein sent a letter last month to the state office saying the school district will implement several corrective actions. Those plans include the board adopting procedures to restrict access to its information technology system. The policy will also require that the system be located in a ventilated area that is protected from unauthorized access. The board plans to develop a formal disaster recovery plan that provides guidance on preventing computer data loss and improving record recovery methods. Stein said the board will forward a plan to the Comptroller's Office by mid-November. ____________________________________ Visit the InfoSec News Bookstore http://www.shopinfosecnews.org
This archive was generated by hypermail 2.1.3 : Wed Sep 12 2007 - 23:20:52 PDT