Skip to Content, Navigation, or Footer.
The Daily Cardinal Est. 1892
Wednesday, September 22, 2021
The UW System has failed to develop a comprehensive IT security program, leaving transactions, payroll information and student data vulnerable, according to a new report released Tuesday.

The UW System has failed to develop a comprehensive IT security program, leaving transactions, payroll information and student data vulnerable, according to a new report released Tuesday.

Audit says UW hasn’t properly protected computer systems, student information

The UW System has failed to develop a comprehensive IT security program, leaving transactions, payroll information and student data vulnerable, according to a new report released Tuesday.

According to the Legislative Audit Bureau, they’ve reported concerns with the System’s IT security since the 1990s.

"Failure to provide an appropriate level of protection for UW systems and data increases the risk that personally identifiable information could be accidentally or maliciously exposed," the audit said, citing possible cyber attacks.

“Weaknesses in IT security policies, procedures, and controls increase the risk that unauthorized or erroneous transactions could be processed or changes could be made to accounting, payroll, and student data,” the audit continued. “In addition, failure to provide an appropriate level of protection for UW systems and data increases the risk that personally identifiable information could be accidentally or maliciously exposed”

Intellectual property, a coveted commodity at a top-tier research university like UW-Madison, is also at risk of theft with the current weaknesses. If stolen, it could rob a university of possible revenue.

The LAB noted they had previously reported on UW System IT security system weakness in audits from fiscal years 2014-’15 and 2015-’16. In 2015 the Board of Regents adopted a policy that included a push for the comprehensive system suggested in previous audits — currently the system doesn’t comply with the regents’ policy.

The system has taken steps to update their security systems, but this year’s audit identified a new concern that LAB determined too sensitive to share publicly and instead was shared with specific UW System institutions that were affected.

The UW System, whose response was included in the report, agreed with the findings and agreed to work with officials to address the concerns by Aug. 31. 

Enjoy what you're reading? Get content from The Daily Cardinal delivered to your inbox
Support your local paper
Donate Today
The Daily Cardinal has been covering the University and Madison community since 1892. Please consider giving today.
Comments


Powered by SNworks Solutions by The State News
All Content © 2021 The Daily Cardinal