KTAR reports:

The Maricopa County Community College District announced Friday it has canceled classes until March 29 after a cybersecurity issue forced its network system offline. In a statement on its website, the district said the network outage was due to suspicious activity that appears to be related to a potential cyber attack.

Read more on KTAR and on AZCentral. h/t, @Chum1ng0

They noted abnormal activity on March 16 and have canceled classes until March 29? That sounds serious.

Regular readers may recall that this site has reported on a number of data security incidents involving MCCCD — including the largest U.S. education sector hack ever disclosed to date. That 2013 breach, disclosed by MCCCD 7 months after it was first discovered, appeared to have occurred after the district failed to properly remediate a 2011 breach. The incident cost the district more than $26 million. A third incident noted by this site in 2016 involved MCCCD employee-related files that were exposed on an unsecured FTP server owned by the county.

And now this…. whatever “this” is. It will be interesting to see how any attackers gained access.

The following is a summary from the state’s audit of Maricopa County Community College District, the Report on Internal Control and on Compliance for Year Ended June 30, 2017:

We found that the district needed improvements in certain controls over payroll, IT, and full-time student enrollment counts and reported 5 findings. Most importantly, we found the district lacked adequate policies and procedures over IT systems and data to appropriately respond to risks and to prevent, detect, examine and review system changes, and respond to unauthorized or inappropriate access, damage, or loss, including protecting sensitive student data.

Two years later, another state audit of MCCCD reported:

2019-04 Information technology (IT) controls: access and security

Condition and context: The District's control procedures were not sufficiently designed, documented, and implemented to respond to risks associated with its IT systems and data. The district lacked adequate procedures over the following:

Restricting access to its IT systems and data: Procedures did not consistently help prevent or detect unauthorized or inappropriate access.

Securing systems and data: IT security policies and procedures lacked controls to prevent unauthorized or inappropriate access or use, manipulation, damage, or loss.

Criteria: The district should have effective internal controls to protect its IT systems and help ensure the integrity and accuracy of the data it maintains.

Logical access controls: Help to ensure systems and data are accessed by users who have a need, systems and data access granted is appropriate, and key systems and data access is monitored and reviewed.

IT security internal control policies and procedures: Help prevent, detect, and respond to instances of unauthorized or inappropriate access or use, manipulation, damage, or loss to its IT systems and data.

Effect: There is an increased risk that the district may not adequately protect its IT systems and data, which could result in unauthorized or inappropriate access and/or the loss of confidentiality or integrity of systems and data.

Cause: The district was unable to update and implement its IT access and security policies and procedures during the fiscal year because of time constraints and a lack of resources.

Recommendations: To help ensure the district has effective policies and procedures over its IT systems and data, the district should follow guidance from a credible industry source, such as the National Institute of Standards and Technology.

To help achieve these control objectives, the district should develop, document, and implement control procedures in each IT control area described below:

Access: Assign and periodically review employee user access, ensuring appropriateness and compatibility with job responsibilities. Remove terminated employees' access to IT systems and data. Review all other account access to ensure it remains appropriate and necessary. Evaluate the use and appropriateness of accounts shared by 2 or more users and manage the credentials for such accounts. Enhance authentication requirements for IT systems.

Security: Perform proactive key user and system activity logging and log monitoring, particularly for users with administrative access privileges.

The District's responsible officials' views and planned corrective action are in its corrective action plan included at the end of this report.

This finding is similar to prior-year finding 2018-04.

So what was the District’s response to these findings and recommendations? They wrote:

2019-04 Information technology (IT) controls: access and security

Name of contact person: Jacob Vipond

Anticipated completion date: The district anticipates having all of these initiatives relating to this finding completed by the 2nd quarter of calendar year 2021.

The district agrees with the finding. The district recognizes the benefits of adopting guidance from a credible industry source, specifically the National Institute of Standards and Technology, and plans to conduct periodic reviews of employee access and apply principles of least privilege across all systems, specifically users with elevated permissions.

So exactly which initiatives were completed prior to this latest cyberattack?