State University of New York

Health Science Center at Stony Brook: Selected General Controls Over Computer Network Security (Follow-Up Report)

The Health Science Center at Stony Brook teaches students, conducts research in health-related areas, and provides care to patients in clinics and a 504-bed hospital. The Center uses computer and telecommunications networks to support its various activities. In audit report 2004-S-2, we examined the adequacy of the Center’s controls for preventing unauthorized access to the networks, as well as the adequacy of the controls for ensuring the confidentiality, integrity and continued availability of the data stored on the networks. We found that certain improvements could be made in these controls. When we followed up on these matters with Center officials, we found that they had implemented most of our audit recommendations and were striving to ensure full implementation of all recommendations. To protect the security of the networks’ operations, our detailed audit findings were not included in either our original audit report or our follow-up report.

For a complete copy of Report 2005-F-33 click here.