My WebLink
|
Help
|
About
|
Sign Out
Home
COM 0939.000 2008-2010
ClerkCouncil
>
Council Records
>
Communications
>
2008-2010
>
COM 0939.000 2008-2010
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
9/23/2010 9:43:22 AM
Creation date
9/10/2010 11:40:31 AM
Metadata
Fields
Template:
Communications
Communications - Type
COM
Communications - Council Term
2008-2010
Communication
0939
Point
000
Author
Colleen Schrandt, Legislative Auditor
Communications - Referred To
FC
Comments
FC: Close file - 9/20/10
Document Relationships
AGE FC 09/20/2010 2008-2010
(Related)
Path:
\Council Records\Agendas\2008-2010\Finance Committee (FC)
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
151
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
COUNTY OF HAWAII <br /> STATE OF HAWAII <br /> Status of Prior Year Findings and Recommendations <br /> Fiscal year ended June 30, 2009 <br /> • Passwords — The following password parameters should be implemented for the IAS application: <br /> _ Minimum password length of at least six characters <br /> Increased complexity of passwords, including the use of alphanumeric and special characters <br /> Mandatory password changes every 60 to 90 days <br /> Auto lock -out after three failed log -in attempts (system administrator intervention should be required <br /> to unlock the account) <br /> • User Access — Segregation of duty controls should be implemented so that functional users also do not <br /> have administrator access. <br /> • Review of User Access — Management should conduct periodic reviews of user profiles and templates, as <br /> well as user access to key IT applications. <br /> • Physical Access — The server room hosting the IAS application should remain locked at all times and only <br /> be unlocked when access to the server room is necessary. Also, management may consider implementing <br /> a physical access mechanism that requires a log -on to enhance monitoring and detective controls. <br /> We did not identify a material impact to the financial reporting process as a result of these issues; however, the <br /> County and the Department of Data Systems can take steps toward enhancing and improving their IT general <br /> controls by incorporating the recommendations listed above. <br /> Status <br /> In response to the issues noted above, the Department of Data Systems has responded as follows: <br /> • Information Security Policy — An Information Security Policy Committee has been created to develop <br /> guidelines that will ultimately be used for preparing an information security policy for the County. <br /> • Passwords — The IAS application does not currently have a feature that would make the recommended <br /> changes to the password requirements. The Department of Data Systems will continue to work with their <br /> vendor to determine if it would be possible to add this functionality to their software. <br /> • User Access — Access is inherently limited due to the small number of personnel. However, access will be <br /> monitored to ensure that proper segregation of duties is maintained. <br /> • Review of User Access — Management is currently conducting periodic reviews of user profiles and <br /> templates on a limited basis. The Department of Data Systems will work on implementing these reviews <br /> on a wider scale. <br /> • Physical Access — The server was moved and is now locked in a server room. <br /> 5 <br />
The URL can be used to link to this page
Your browser does not support the video tag.