Information Security is one of the major areas of concern for our government as it faces threats to the nation's critical infrastructure. For organizations, prevention of compromise to their information assets makes this issue a priority as focus and resources are placed on the formation of information security policy and the implementation of control measures to prevent access and/or manipulation of their systems and data.
With the ever-increasing demands and requirements to ensure your organization’s or clients' business data, information, and systems are secure, the AICPA’s Information Management and Technology Assurance Center website provides the following content designed to help you in your own practice, as well as to serve as resources when advising or providing assurance to others.
With the rampant growth in cybercrime, it's no longer a question of if CPAs, their clients or their organization will become a victim, but when. The Top 5 Cybercrimes, a white paper developed by the AICPA's Forensic and Valuation Services Section in conjunction with the IMTA Division, identifies and examines the cybercrimes that pose the strongest threats for CPAs. It features expert remediation guidance, real-life examples, in-depth statistics and invaluable resources that can help CPAs in their prevention, detection and recovery strategies.
ABCs of IT Security for CPAs
ABCs of IT Security for CPAs #8: A CPA’s Introduction to Peripherals Security Management
Peripheral devices are fueling a growing trend of security breaches, information leakage, and data theft inside and outside networked environments.
ABCs of IT Security for CPAs #7: Introduction to Security Maintenance Considerations
Computer systems require routine maintenance and upkeep to keep current and secure.
ABCs of IT Security for CPAs #6: Introduction to Perimeter Security
This article introduces the cornerstones of network perimeter security.
ABCs of IT Security for CPAs #5: What CPAs Should Know About Desktop Security Measures
Every security component works alongside or in conjunction with other facets of an overall framework to achieve and fulfill some desired security policy objective.
ABCs of IT Security for CPAs #4: A CPA's Introduction to Mobile and Remote Computing Security Considerations
As everyday mobile devices take on more features, forms, and functions, new opportunities for potential attack and exploitation come along with them.
ABCs of IT Security for CPAs #3: A CPA's Introduction to Physical Security Considerations
Physical security is part of a multi-layered model that incorporates various practices, protocols, and procedures.
ABCs of Information Security #2: A CPA's Introduction to IT Policies and Procedures (Article)
Learn how to develop and implement effective IT policies and what to look for in client policies.
ABCs of Information Security #1: What is Information Security? An IT Security Primer (Article)
The first article in a series on Information Security introduces CPAs to information security with a discussion of the CIA Triad and how the principles of Confidentiality, Integrity and Availability lie at the heart of any successful IT security strategy.
Information Security Audits
GTAG 6: Managing and Auditing IT Vulnerabilities
Among their responsibilities, information technology (IT) management and IT security are responsible for ensuring that technology risks are managed appropriately. GTAG 6 has been deleted from the IPPF and some of its concepts are combined with the 2nd edition of GTAG 4.
Don't Let This Happen To You: Critical Information Security Audit Considerations
Review of specific policies and procedures related to the security portion of Information Technology internal audit.
Identity and Access Management
Identity Management and Access Control
With the near ubiquity of computerized accounting systems, identity and access management (IAM) has become a critical entity-level control functioning both at the system and application levels.
GTAG 9: Identity and Access Management
Prepared by The Institute of Internal Auditors (The IIA), each Global Technology Audit Guide (GTAG) is written in straightforward business language to address a timely issue related to information technology (IT) management, control, and security.
Download a comment letter on the National Institute of Standards and Technology’s (NIST’s) Small Business Information Security: The Fundamentals, a reference guideline developed by the NIST in partnership with the Small Business Administration (SBA) and the Federal Bureau of Investigation (FBI) as information security awareness outreach to the small business community.
Download a comment letter on the National Institute of Standards and Technology's (NIST's) Preliminary Cybersecurity Framework (Preliminary Framework) pursuant to the President's Executive Order 13636 on Improving Critical Infrastructure Cybersecurity.
Test Your Information Security IQ
Information security is a dynamic field and, although accounting professionals have become much savvier on the subject, keeping track of the latest best practices can be a daunting task. How current are you? Take this quiz on information security basics to find out.
Small Company Security Resources
Today, companies rely on technology to manage and operate virtually every aspect of their business, with a critical focus being protecting sensitive financial information and client, vendor and employee data.