Arizona's Universities - Information Technology Security

This audit found that Web-based applications at Arizona State University, the University of Arizona, and Northern Arizona University are vulnerable, and the universities have not fully implemented information technology (IT) security programs. Auditors were able to access sensitive information, including a database containing 10,000 names and social security numbers. The universities need to address the security of their Web-based applications and implement comprehensive IT security programs. In addition, the universities should establish timelines for implementing the audit recommendations and report their implementation progress to the Arizona Board of Regents.