Audit: UW System hasn’t protected computer systems

BERLIN, GERMANY - SEPTEMBER 20: Students study with their laptop computers in the Pedagogical Library at the Freie Universitaet university on September 20, 2011 in Berlin, Germany. German universities recorded a record 2.218 million matriculations in the 2010/2011 winter semester, a rise of 4.5%, and expect even more students in the coming winter semster, which starts in October. The end of compulsory military service in the Bundeswehr, the German armed forces, which went into effect earlier this year, is a major contributing factor to the rise in the numbers of students arriving at universities across the country. (Photo by Sean Gallup/Getty Images)

MADISON — A new state report indicates the University of Wisconsin System hasn’t developed a comprehensive computer security program.

The Legislative Audit Bureau’s report Tuesday found the UW Information Assurance Council established authentication, data classification, security awareness, incident response and acceptable use policies in September 2016. But system administration hasn’t taken significant steps to comply with regent policy to develop security.

Auditors said security weaknesses increase the risk of unauthorized changes to accounting, payroll and student data, exposure of personally identifiable information and cyber-attacks.

The report recommends security work continue and system officials train schools on procedures. The report noted that system administration agreed.

Sen. Robert Cowles and Rep. Samantha Kerkman, co-chairs of the Legislature’s audit committee, said IT security is critical and they look forward to hearing about UW’s progress.