For the fourth consecutive year, professionals who sit at the intersection of information technology and accounting have selected Information Security as the number one technology to watch in 2006, according to the results of the 17th annual Top Ten Technologies survey of the American Institute of Certified Public Accountants. Four new technologies join six holdovers on the 2006 list: Assurance and Compliance, IT Governance, Privacy Management, and Spyware Detection and Removal.
|2006 Top Technology Initiatives
- Information Security . The hardware, software, processes, and procedures in place to protect information systems from internal and external threats. It includes routers, perimeter firewalls, IP strategy, intrusion detection and reporting, content filtering, anti-virus, anti-spyware, password management, vulnerability assessment, patch management, personal firewalls, wireless security strategies, data encryption, locked facilities and user education.
- Assurance and Compliance Applications (e.g. SOX 404, ERM). Collaboration and compliance tools that enable various stakeholders to monitor, document, assess, test and report on compliance with specified controls.
- Disaster and Business Continuity Planning . The development, monitoring, and updating of the process by which organizations plan for continuity of their business in the event of a loss of business information resources due to impairments such as theft, virus infestation, weather damage, accidents, or other malicious destruction. This also includes business continuation and contingency planning.
- IT Governance . IT governance is a structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise's goals by adding value, while still balancing risk versus return over IT and its processes.
- Privacy Management. Privacy encompasses the rights and obligations of individuals and organizations with respect to the collection, use, disclosure, and retention of personal information. As more information and processes are being converted to a digital format, this information must be protected from unauthorized users and from unauthorized usage by those with access to the data. This includes complying with local, state, national and international laws.
- Digital Identity and Authentication Technologies . A way to ensure users are who they say they are—that the user who attempts to perform functions in a system is in fact the user who is authorized to do so. This includes hardware and software solutions that enable the electronic verification of a user's identity or a message's validity, for example, digital certificates. This technology includes the use of bar codes, magnetic stripe, biometrics, tokens and access control for authentication, non-repudiation, and authorization.
- Wireless Technologies . Connectivity and transfer of data between devices via the airwaves, i.e. without physical connectivity. Wireless technologies include Bluetooth (PAN), infrared, WiFi (802.11 WLAN), Wi-Max (802.16), 2.5G & 3G (WWAN) and, satellite.
- Application and Data Integration . Using current and emerging technologies, including .NET, web-services, Java, XML (the foundation for XBRL) & Ajax, to facilitate integration of data between heterogeneous applications. In its most basic format, XBRL focuses on the agreement to improve gathering, analyzing and sharing business reporting data. For example updating a field in one application and have it automatically synchronize with other applications. This allows organizations to select and seamlessly integrate "best of breed" applications.
- Paperless Digital Technologies . Document and content management includes the process of capturing, indexing, storing, retrieving, searching, and managing documents electronically including database management (PDF and other formats). Knowledge management then brings structure and control to this information, allowing organizations to harness the intellectual capital contained in the underlying data.
- Spyware Detection and Removal . Technology that detects and removes programs attempting to covertly gather and transmit confidential user information without his or her knowledge or permission. Spyware applications are typically bundled as a hidden component of freeware or shareware programs or attached to malicious websites. Once installed, spyware can monitor user activity, gather information about e-mail addresses, passwords, and credit card numbers in the background, then transmit this information to someone else. Spyware can include Remote Access Trojans (RAT) and root kits.
In addition to the Top Ten Technologies list, this year the AICPA is also including a section for Honorable Mention.
- E-mail Filtering including Spam and Malware scanning. Solutions (software, hardware appliances and/or managed services) that help reduce/eliminate unwanted, nuisance and malicious e-mail delivered to end-user inboxes by employing a number of strategies including white list, black list, content filtering, domain name authentication and real-time SMTP connection monitoring and blocking.
- Outsourcing. Hiring an outside resource to perform all, or portions, of an organization's internal IT support, transaction processing, application support or special projects.
- Storage & Backup Technologies. Technologies that allow additional storage capacity, either locally or over the Web, to be added to a device or network that can then be used for additional space or data backup. Technologies include Direct Attached Storage (DAS), Network Attached Storage (NAS), Storage Area Networks (SAN), optical (DVD, CD, Blu-Ray), etc. Web solutions include Connected, Live Vault and NovaStor. Storage strategies include copying data via disk imaging, cloning, shadow copying, etc. to easily and quickly maintain duplications of data to ensure fast and easy recovery.
- Patch & Network Management Tools. Tools and strategies to centrally patch, manage, upgrade and maintain applications and operating systems across an enterprise, eg. MS MOM (Microsoft Operation Manager), MS WSUS (Microsoft Windows Server Update Service), Shavlik, Dell Open Manage, ZenWorks, Unicenter TNG, etc.
- Technology Competency & Effective Utilization. The methodology and curriculum by which personnel learn to understand and utilize technology. This includes learning competency and learning plans to increase the knowledge of individuals. This also includes ensuring that the organization has resources available to efficiently train new hires on technology and train current employees on full utilization of existing technology on a timely basis.