Information Security Management

    Information Security Management 

    Information Security is one of the major areas of concern for our government as it faces threats to the nation's critical infrastructure. For organizations, prevention of compromise to their information assets makes this issue a priority as focus and resources are placed on the formation of information security policy and the implementation of control measures to prevent access and/or manipulation of their systems and data.

    With the ever-increasing demands and requirements to ensure your organization’s or clients' business data, information, and systems are secure, the AICPA’s Information Management and Technology Assurance Center website provides the following content designed to help you in your own practice, as well as to serve as resources when advising or providing assurance to others.

    Highlighted Resource
    The Top Five Cybercrimes White Paper
    With the rampant growth in cybercrime, it's no longer a question of if CPAs, their clients or their organization will become a victim, but when. The Top 5 Cybercrimes, a white paper developed by the AICPA's Forensic and Valuation Services Section in conjunction with the IMTA Division, identifies and examines the cybercrimes that pose the strongest threats for CPAs. It features expert remediation guidance, real-life examples, in-depth statistics and invaluable resources that can help CPAs in their prevention, detection and recovery strategies.
    ABCs of IT Security for CPAs

    Check list for IT security for CPAsABCs of IT Security for CPAs #8: A CPA’s Introduction to Peripherals Security Management
    Peripheral devices are fueling a growing trend of security breaches, information leakage, and data theft inside and outside networked environments.

    ABCs of IT Security for CPAs #7: Introduction to Security Maintenance Considerations
    Computer systems require routine maintenance and upkeep to keep current and secure. 

    ABCs of IT Security for CPAs #6: Introduction to Perimeter Security
    This article introduces the cornerstones of network perimeter security.

    ABCs of IT Security for CPAs #5: What CPAs Should Know About Desktop Security Measures
    Every security component works alongside or in conjunction with other facets of an overall framework to achieve and fulfill some desired security policy objective.

    ABCs of IT Security for CPAs #4: A CPAs Introduction to Mobile and Remote Computing Security Considerations
    As everyday mobile devices take on more features, forms, and functions new opportunities for potential attack and exploitation come along with them.

    ABCs of IT Security for CPAs #3: A CPAs Introduction to Physical Security Considerations
    Physical security is part of a multi-layered model that incorporates various practices, protocols, and procedures.

    ABCs of Information Security #2: A CPAs Introduction to IT Policies and Procedures (Article)
    Learn how to develop and implement effective IT policies and what to look for in client policies.

    ABCs of Information Security #1: What is Information Security? An IT Security Primer (Article)
    The first article in a series on Information Security introduces CPAs to information security with a discussion of the CIA Triad, and how the principles of Confidentiality, Integrity and Availability, lie at the heart of any successful IT security strategy.

    Information Security Audits

    Pens and paper for IT security auditGTAG 6: Managing and Auditing IT Vulnerabilities
    Among their responsibilities, information technology (IT) management and IT security are responsible for ensuring that technology risks are managed appropriately.

    Don't Let This Happen To You: Critical Information Security Audit Considerations
    Review of specific policies and procedures related to the security portion of Information Technology internal audit.

    Identity and Access Management

    Glasses for identity management and access controlIdentity Management and Access Control
    With the near ubiquity of computerized accounting systems, identity and access management (IAM) has become a critical entity-level control functioning both at the system and application levels.

    GTAG 9: Identity and Access Management
    Prepared by The Institute of Internal Auditors (The IIA), each Global Technology Audit Guide (GTAG) is written in straightforward business language to address a timely issue related to information technology (IT) management, control, and security.

    Payment Card Industry

    Credit card for payment card industry guidelines The Payment Card Industry (PCI) Data Security Standard (DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect cardholder data. PCI DSS applies to all entities involved in payment card processing – including merchants, processors, acquirers, issuers, and service providers, as well as all other entities that store, process or transmit cardholder data. PCI DSS comprises a minimum set of requirements for protecting cardholder data, and may be enhanced by additional controls and practices to further mitigate risks.

    Payment Card Industry Data Security Standard

    The Security Standard Council produced a set of comprehensive requirements for enhancing payment account data security. The council is comprised of founding payment brands including American Express, Discover Financial Services, MasterCard Worldwide and Visa International and JCB and their mission is to produce standards that can be adopted globally to provide consistent data security measures.

    Becoming familiar with the Payment Card Industry Data Security Standard is a prerequisite to understanding the regulatory environment in which many businesses that accept credit and debit cards operate.

    Mastering the Payment Card Industry Standard
    Private framework seeks to shield credit and debit card account information.

    Additional References

    Stack of papers for additional information security management referencesTest Your Information Security IQ
    Information security is a dynamic field and, although accounting professionals have become much savvier on the subject, keeping track of the latest best practices can be a daunting task. How current are you? Take this quiz on information security basics to find out.

    Small Company Security Resources
    Today, companies rely on technology to manage and operate virtually every aspect of their business, with a critical focus being protecting sensitive financial information and client, vendor and employee data.

    Copyright © 2006-2015 American Institute of CPAs.