Information Security Management

    Information security is one of the major areas of concern for our government as it faces threats to the nation's critical infrastructure. For organizations, preventing compromise of their information assets makes this issue a priority, as focus and resources are placed on the formation of information security policy and the implementation of control measures to prevent unauthorized access to and/or manipulation of their systems and data.

    With the ever-increasing demands and requirements to ensure your organization’s or clients' business data, information, and systems are secure, the AICPA’s Information Management and Technology Assurance Center website provides the following content designed to help you in your own practice, as well as to serve as resources when advising or providing assurance to others.

    Highlighted Resource
    The Top Five Cybercrimes White Paper
    With the rampant growth in cybercrime, it's no longer a question of if CPAs, their clients or their organization will become a victim, but when. The Top 5 Cybercrimes, a white paper developed by the AICPA's Forensic and Valuation Services Section in conjunction with the IMTA Division, identifies and examines the cybercrimes that pose the strongest threats for CPAs. It features expert remediation guidance, real-life examples, in-depth statistics and invaluable resources that can help CPAs in their prevention, detection and recovery strategies.
    ABCs of IT Security for CPAs

    ABCs of IT Security for CPAs #8: A CPA’s Introduction to Peripherals Security Management
    Peripheral devices are fueling a growing trend of security breaches, information leakage, and data theft inside and outside networked environments.

    ABCs of IT Security for CPAs #7: Introduction to Security Maintenance Considerations
    Computer systems require routine maintenance and upkeep to keep current and secure. 

    ABCs of IT Security for CPAs #6: Introduction to Perimeter Security
    This article introduces the cornerstones of network perimeter security.

    ABCs of IT Security for CPAs #5: What CPAs Should Know About Desktop Security Measures
    Every security component works alongside or in conjunction with other facets of an overall framework to achieve and fulfill some desired security policy objective.

    ABCs of IT Security for CPAs #4: A CPA's Introduction to Mobile and Remote Computing Security Considerations
    As everyday mobile devices take on more features, forms, and functions, new opportunities for potential attack and exploitation come along with them.

    ABCs of IT Security for CPAs #3: A CPA's Introduction to Physical Security Considerations
    Physical security is part of a multi-layered model that incorporates various practices, protocols, and procedures.

    ABCs of Information Security #2: A CPA's Introduction to IT Policies and Procedures (Article)
    Learn how to develop and implement effective IT policies and what to look for in client policies.

    ABCs of Information Security #1: What is Information Security? An IT Security Primer (Article)
    The first article in a series on information security introduces CPAs to the subject with a discussion of the CIA Triad, and how the principles of Confidentiality, Integrity and Availability lie at the heart of any successful IT security strategy.

    Information Security Audits

    GTAG 6: Managing and Auditing IT Vulnerabilities
    Among their responsibilities, information technology (IT) management and IT security are responsible for ensuring that technology risks are managed appropriately. GTAG 6 has been deleted from the IPPF and some of its concepts are combined with the 2nd edition of GTAG 4.

    Don't Let This Happen To You: Critical Information Security Audit Considerations
    Review of specific policies and procedures related to the security portion of Information Technology internal audit.

    Identity and Access Management

    Identity Management and Access Control
    With the near ubiquity of computerized accounting systems, identity and access management (IAM) has become a critical entity-level control functioning both at the system and application levels.

    GTAG 9: Identity and Access Management
    Prepared by The Institute of Internal Auditors (The IIA), each Global Technology Audit Guide (GTAG) is written in straightforward business language to address a timely issue related to information technology (IT) management, control, and security.

    Additional References

    Download a comment letter on the National Institutes of Standards and Technology’s (NIST’s) Small Business Information Security: The Fundamentals, a reference guideline developed by the NIST in partnership with the Small Business Administration (SBA) and the Federal Bureau of Investigation (FBI) as information security awareness outreach to the small business community.

    Download a comment letter on the National Institutes of Standards and Technology's (NIST's) Preliminary Cybersecurity Framework (Preliminary Framework) pursuant to the President's Executive Order 13636 on Improving Critical Infrastructure Cybersecurity.

    Test Your Information Security IQ
    Information security is a dynamic field and, although accounting professionals have become much savvier on the subject, keeping track of the latest best practices can be a daunting task. How current are you? Take this quiz on information security basics to find out.

    Small Company Security Resources
    Today, companies rely on technology to manage and operate virtually every aspect of their business, with a critical focus being protecting sensitive financial information and client, vendor and employee data.

    Copyright © 2006-2015 American Institute of CPAs.