Information security is one of the major areas of concern for our government as it faces threats to the nation's critical infrastructure. For organizations, preventing compromise of their information assets makes this issue a priority: focus and resources go into forming information security policy and implementing control measures that prevent unauthorized access to, or manipulation of, their systems and data.
With the ever-increasing demands and requirements to ensure your organization’s or clients' business data, information, and systems are secure, the AICPA’s Information Management and Technology Assurance Center website provides the following content designed to help you in your own practice, as well as to serve as resources when advising or providing assurance to others.
ABCs of IT Security for CPAs
ABCs of IT Security for CPAs #8: A CPA’s Introduction to Peripherals Security Management
Peripheral devices are fueling a growing trend of security breaches, information leakage, and data theft inside and outside networked environments.
ABCs of IT Security for CPAs #7: Introduction to Security Maintenance Considerations
Computer systems require routine maintenance and upkeep to keep current and secure.
ABCs of IT Security for CPAs #6: Introduction to Perimeter Security
This article introduces the cornerstones of network perimeter security.
ABCs of IT Security for CPAs #5: What CPAs Should Know About Desktop Security Measures
Every security component works alongside or in conjunction with other facets of an overall framework to achieve and fulfill some desired security policy objective.
ABCs of IT Security for CPAs #4: A CPA's Introduction to Mobile and Remote Computing Security Considerations
As everyday mobile devices take on more features, forms, and functions, new opportunities for potential attack and exploitation come along with them.
ABCs of IT Security for CPAs #3: A CPA's Introduction to Physical Security Considerations
Physical security is part of a multi-layered model that incorporates various practices, protocols, and procedures.
ABCs of Information Security #2: A CPA's Introduction to IT Policies and Procedures (Article)
Learn how to develop and implement effective IT policies and what to look for in client policies.
ABCs of Information Security #1: What is Information Security? An IT Security Primer (Article)
The first article in a series on information security introduces CPAs to the subject with a discussion of the CIA Triad, and how the principles of Confidentiality, Integrity and Availability lie at the heart of any successful IT security strategy.
Information Security Audits
GTAG 6: Managing and Auditing IT Vulnerabilities
Among their responsibilities, information technology (IT) management and IT security are responsible for ensuring that technology risks are managed appropriately.
Don't Let This Happen To You: Critical Information Security Audit Considerations
Review of specific policies and procedures related to the security portion of Information Technology internal audit.
Auditing Risk - A Practical Method Using the InfoSec Triangle
This article offers a logical methodology to determine audit risk within an organization including a 360-degree observation of the InfoSec Triangle.
The InfoSec Triangle Checklist
Tommie Singleton’s approach to auditing specific information technologies focuses on the characteristics of the information most commonly protected, with Confidentiality, Availability and Integrity (CAI) completing the three points of the “InfoSec Triangle.”
Common Vulnerabilities and Exposures
Common Vulnerabilities and Exposures (CVE®) is a list, or dictionary, of publicly known information security vulnerabilities and exposures that is international in scope and free for public use.
Identity and Access Management
Identity Management and Access Control
With the near ubiquity of computerized accounting systems, identity and access management (IAM) has become a critical entity-level control functioning both at the system and application levels. This article introduces the related concepts of Identity Management and Access Control and discusses why they are so crucial for CPAs to understand.
GTAG 9: Identity and Access Management
Prepared by The Institute of Internal Auditors (The IIA), each Global Technology Audit Guide (GTAG) is written in straightforward business language to address a timely issue related to information technology (IT) management, control, and security.
The Payment Card Industry (PCI) Data Security Standard (DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect cardholder data. PCI DSS applies to all entities involved in payment card processing – including merchants, processors, acquirers, issuers, and service providers, as well as all other entities that store, process or transmit cardholder data. PCI DSS comprises a minimum set of requirements for protecting cardholder data, and may be enhanced by additional controls and practices to further mitigate risks.
Payment Card Industry Data Security Standard
The Security Standards Council produced a set of comprehensive requirements for enhancing payment account data security. The council is composed of the founding payment brands, American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International, and its mission is to produce standards that can be adopted globally to provide consistent data security measures.
Becoming familiar with the Payment Card Industry Data Security Standard is a prerequisite to understanding the regulatory environment in which many businesses that accept credit and debit cards operate.
Mastering the Payment Card Industry Standard
Private framework seeks to shield credit and debit card account information.
Test Your Information Security IQ
Information security is a dynamic field and, although accounting professionals have become much savvier on the subject, keeping track of the latest best practices can be a daunting task. How current are you? Take this quiz on information security basics to find out.
Information Security Continues to Be Vital for CPAs in Public Accounting, Business and Industry
With the increased pressure on companies to comply with security standards, most businesses try to maintain a competitive edge by keeping certain information security initiatives at the forefront of their plans.
Small Company Security Resources
Today, companies rely on technology to manage and operate virtually every aspect of their business, with a critical focus being protecting sensitive financial information and client, vendor and employee data.
The Inside View of Information Security Management
In this article, three CPA/CITPs discuss how information security can be better managed within an organization.