Cybersecurity Resource Center 

Malicious cyberattacks against public and private companies and various agencies of the federal government have highlighted the growing cybersecurity risk to organizations of all sizes, in all sectors.

CPAs are well-positioned to help entities manage cybersecurity risks through services such as the following:

  • Assurance services: Increasingly, businesses, organizations and governmental entities are interested in evaluating the effectiveness of their cybersecurity risk management programs. CPAs can provide assurance on those programs to help instill confidence in an entity’s efforts to address cybersecurity risks.
  • Advisory services: CPAs, especially those with a specialization in information technology, can share their expertise and best practices with clients, helping them address risks associated with cybersecurity.
  • Protecting client and customer data: CPAs in public accounting and those working in the finance function within business and industry can provide valuable insights on how to safeguard client and customer information. 
Navigate the Cybersecurity Resource Center
Learn how CPA finance executives and accounting firms can manage cybersecurity challenges, and access cybersecurity news, information, events and resources developed by the AICPA.

Featured Resources - Access the latest cybersecurity resources and learning opportunities.
Resources - These key resources can help you better understand cybersecurity issues and solutions. 
CPE and Events - Link to available cybersecurity learning opportunities.
News and Articles - Read news about cybersecurity and how it affects businesses and clients.
Other Related Resources - Find additional cybersecurity information through these related resources. 

Featured Resources

To help businesses and organizations report on their cybersecurity risk management efforts, the AICPA's Assurance Services Executive Committee (ASEC) has exposed two sets of criteria for public comment:

  • Proposed Description Criteria for Management's Description of an Entity's Cybersecurity Risk Management Program is intended for use by management in designing and describing its cybersecurity risk management program and by public accounting firms to report on management's description.

  • Proposed Revision of Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy outlines revised AICPA trust services criteria for use by public accounting firms that provide advisory or attestation services to evaluate the controls within an entity's cyber risk management program, or SOC 2® engagements. Management also may use the trust services criteria to evaluate the suitability of design and operating effectiveness of controls.

The comment period ends on December 5, 2016. In addition to these exposure drafts, you can find a number of other helpful resources, including a backgrounder on the AICPA's upcoming cybersecurity engagement, a mapping of the Proposed Trust Services Criteria, and the AICPA's input to the Commission on Enhancing National Cybersecurity.


    Copyright © 2006-2016 American Institute of CPAs.