2008 TTI Case Study: Securing Our Nation’s Systems 

    by Scott H. Cytron, ABC   

    Securing Our Nation’s Systems

    Taking proper security precautions is crucial for anything you want to protect with utmost care. For most people, this includes houses, cars, offices and jewelry. Is there anything left out? Oh yes, the never-ending battle to safely guard confidential information!
    As Chief Financial Officer of TWM Associates, Inc. (TWM), a system-engineering corporation, Lisa Johnson keeps a watchful eye on some of the most secure infrastructures in the world – those of the Federal government.

    The team at TWM is comprised of CPAs, Certified Information System Auditors (CISAs) and security engineers who specialize in Information Assurance (IA) and Information Security Engineering (INFOSEC). Together, they implement or evaluate secure infrastructures based on public laws, agency policies and commercial standards for their commercial and government customers.

    Companies and individuals look to TWM when they are exposed to some level of risk. Therefore, TWM must always be in tune with the most current technology trends in order to provide the best level of information security possible. The AICPA Top Technology Initiatives serve as the perfect guide for TWM as it enters 2008. In fact, for Johnson and the majority of the 50 employees at TWM, Information Security Management is not only the #1 Initiative on the list; it’s TWM’s number one priority as well … and an initiative embedded in Johnson’s own job description.
    “On a daily basis, we help to protect data, execute certification and accreditations and provide vulnerability and risk assessment – all of which are part of the first initiative,” says Johnson.

    One of TWM’s main solutions offered through its security engineering and analysis forum is developing a Plan of Actions and Milestones (POA&Ms) – management solutions to meet Federal Information Security Management Act (FISMA) requirements. Once the Act went into effect in 2002 (superseding the Government Information Security Reform Acts (GISRA) of 2000), it immediately bolstered network security within the Federal government by mandating annual reviews. This solution ties directly into the #3 initiative, Business Continuity Management.

    “Business Continuity Management is something that has been around forever and must always be in place just in case something happens,” says Johnson. “It is our job to help our clients follow the proper guidelines to keep them from facing security challenges.”

    She comments that many people overlook the countless areas involved in Identity and Access Management. When dealing with the massive security integrated within a government sector, the level of protection leaps above and beyond an everyday password.

    The level of technological security Johnson deals with on a daily basis is unimaginable to most, and the majority of it she is not at liberty to discuss. However, one area of her career that is not confidential is something all professionals can relate to: She goes to work each day hoping to better understand her clients’ needs from a customer perspective. The Top 10 Technology initiatives are guidelines she uses to assist her clients each day to improve those results.


    Copyright © 2006-2014 American Institute of CPAs.