|Financial Audit Division Report 04-39||Released September 17, 2004|
MnSCU has taken steps to resolve many of the security weaknesses reported in prior audits; however, it has not developed a comprehensive security program to effectively manage security throughout the organization. Furthermore, we question whether MnSCU can develop a successful security program given the limited resources currently devoted to security.
We have performed several information technology audits at MnSCU since 1996. These audits typically focused on selected “general controls” that help secure its Integrated Statewide Records System (ISRS). These audits found similar and often serious security concerns.
The purpose of this information technology audit was to assess and
report the status of security weaknesses described in prior audit reports.
We limited our scope to those weaknesses that impacted ISRS.