Issue link: https://newsleader.uberflip.com/i/348392
assigned to the office of City Auditor and Clerk Pam Nadalini. Bartolotta resigned the following February. Nadalini expressed support for the IT Department in a June 20, 2014, cover letter for the audit. "While much work has been done to move the department forward, the most recent audit has identified additional opportunities for growth and improvements and to enhance the capabilities of the profes- sional staff," she wrote. "It is my intent, as well as that of the IT Director and IT staff, to implement the auditor's recommendations to ensure a secure and effective computing envi- ronment for the City of Sarasota." THE FINDINGS The two opening sentences of the audit's executive summary are chilling. "Overall the City of Sarasota's ITD is mostly reactive and does not seem to be aware and prepared to address the risks identified, in detail, below. The IT team seems to be comprised of indi- viduals that are not working together to solve common IT security problems," the document begins. The audit cites "the top 10 risks to the organi- zation" and then goes into detail on each one, offering findings and recommendations. The first problem ("lack of a clear understanding") cited staff members taking on more work that "ultimately leads to them neglecting their base tasks." It recommends "the leadership of the ITD needs to re-focus the staff … making sure their core responsibilities are taken care of." The second problem noted was the lack of a formal "security manager." The audit says, "The IT Network Manager has assumed this role, but does not have any explicit authoriza- tion to perform IT security tasks. This causes the individual to be timid in running security scans that may disrupt service." The audit also points to a deficiency in the handling of basic security tasks. "One example is the fact that ITD staff did not realize that over 250 machines went 48 hours without getting the latest anti-virus updates." Users of the Microsoft operating system are familiar with the sometimes weekly "patches" needed to plug security holes in Windows. 'The City of Sarasota has over 2,500 miss- ing Microsoft security patches across its workstations and server," the audit found. It recommended the department "commit to a patch schedule." The audit also determined that some work- ers in IT use Windows 8, while the rest of the The firm ReliaQuest undertook the recent audit of the City of Sarasota's Information Technology Department. Image from the firm's website Sarasota News Leader July 18, 2014 Page 17