Audit questions Minnesota Education Department computer security

[InfoSec News <alerts () infosecnews org>]

http://www.startribune.com/politics/statelocal/221881331.html

By JIM RAGSDALE
Star Tribune
August 30, 2013

State computers that direct billions of dollars in state and federal funds 
to schools and contain private information on students need better 
security measures to protect that data and the network’s integrity, 
Minnesota’s legislative auditor has found.

The report released this week found no breaches or stolen data from the 
mammoth computer systems of the Minnesota Department of Education, but 
found that the department lacked "adequate internal controls" and 
comprehensive security plans and had failed to document where private data 
was held or the internal controls needed to secure it.

"The findings are very concerning to us," said Josh Collins, 
communications director for the Education Department. "The security of 
student data is very important to us." The department agreed with the 
audit’s findings and vowed to work with the office of MN.IT Services, the 
state’s information technology experts, to address them.

The report said the department employs more than 100 separate computer 
applications to track distribution of state aid to schools, teacher 
licensure, lunch programs and special education. A total of 60 MN.IT 
employees are assigned to the department, managing more than 1,000 
department computers, servers, mobile devices and printers. Just two of 
the department’s applications, the audit stated, processed $7.3 billion in 
state and federal payments to schools in 2012.

[...]

--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/