Audit: UW System hasn't protected computer systems

MADISON — A new state report indicates the University of Wisconsin System hasn't developed a comprehensive computer security program.

The Legislative Audit Bureau's report Tuesday found the UW Information Assurance Council established authentication, data classification, security awareness, incident response and acceptable use policies in September 2016. But system administration hasn't taken significant steps to comply with regent policy to develop security.

Auditors said security weaknesses increase the risk of unauthorized changes to accounting, payroll and student data, exposure of personally identifiable information and cyber-attacks.

The report recommends security work continue and system officials train schools on procedures. The report noted that system administration agreed.

Sen. Robert Cowles and Rep. Samantha Kerkman, co-chairs of the Legislature's audit committee, said IT security is critical and they look forward to hearing about UW's progress.