KU earns poor score on computer security audit

A follow-up audit to a 2005 report on computer security at Kansas University and two other schools has found numerous policy shortcomings.

The Legislative Division of Post Audit report, released Wednesday, said that few of the policy recommendations from its 2005 audit had been fully implemented by the institutions.

The report focused on KU, Kansas State University and Emporia State University.

KU had implemented the fewest policy recommendations from the 2005 audit: five of 33 recommendations.

The policies were aimed at maintaining the security and integrity of information on computer systems at the schools, the audit said. The policies dealt with security best practices in the areas of access controls, data controls, general controls, incident response, operations, physical security, system development, and security management, the report stated.

K-State had implemented seven of 33 recommendations, and Emporia State, 28 of 41.

“Despite their importance, the findings of this follow-up audit show that the three universities generally have done a poor job implementing the policy recommendations from the 2005 audit,” the new audit said.

“While it may be difficult to develop and approve policies in a university setting because of the need to develop consensus among numerous constituencies, the universities have had three years to address these policy recommendations,” the report stated.

Denise Stephens, vice provost for information services at KU, said the school was working to “take closer central control of the network.”

She said KU has reorganized its information technology department.

Even so, state Rep. Virgil Peck Jr., R-Tyro, and chairman of the House-Senate Legislative Post Audit Committee, said several of the committee members were disturbed by the universities’ lack of progress.

He said the committee plans to have the audit division do follow-up reports on a quicker timeframe.