Information Security Management

Information security is one of the major areas of concern for our government as it faces threats to the nation's critical infrastructure. For organizations, preventing compromise of their information assets makes this issue a priority, with focus and resources placed on forming information security policy and implementing control measures to prevent unauthorized access to, and/or manipulation of, their systems and data.


With the ever-increasing demands and requirements to ensure your organization’s or clients' business data, information, and systems are secure, the AICPA’s Information Technology Center Web site provides the following content designed to help you in your own practice, as well as to serve as resources when advising or providing assurance to others.

Can Spam: Techniques to Filter Out Unwanted E-mail

This article describes ways to filter most forms of spam out of your mail. Learn More>>


Mastering the Payment Card Industry Standard
Becoming familiar with the Payment Card Industry Data Security Standard is a prerequisite to understanding the regulatory environment in which many businesses that accept credit and debit cards operate. Learn More>>

Test Your Information Security IQ
Information security is a dynamic field and, although accounting professionals have become much savvier on the subject, keeping track of the latest best practices can be a daunting task. How current are you? Take this quiz on information security basics to find out. Learn More>>

Discussion Paper: Identity Management and Access Control
With the near ubiquity of computerized accounting systems, identity and access management (IAM) has become a critical entity-level control functioning both at the system and application levels. This article introduces the related concepts of Identity Management and Access Control and discusses why they are so crucial for CPAs to understand. Learn More>>


Four Tools To Manage Your Enterprise System

Management. It’s a word that evokes many images, but what if the very tool or process you chose to manage your systems could also be a source of risk for a firm or organization? Learn More>>


Auditing Risk - A Practical Method Using the InfoSec Triangle
Finally – a logical methodology to determine audit risk within an organization. Scott Cytron offers a 360-degree observation of the InfoSec Triangle that includes an interview with one of the auditing profession’s most prolific insiders – Professor Tommie Singleton of the University of Alabama-Birmingham. Learn More>>
The Inside View of Information Security Management

As a complementary article to the story on the InfoSec Triangle, three CPA.CITPs discuss how information security can be better managed within an organization. Learn More>>

Small Company Security Resources

Today, companies rely on technology to manage and operate virtually every aspect of their business, with a critical focus on protecting sensitive financial information and client, vendor and employee data. Unfortunately, nearly every week the news carries reports of security breaches, ranging from hacked databases to stolen information, both resulting in significant company losses. Learn More>>


Guide to Information Technology Security Services (NIST Special Publication 800-36)
The guide seeks to assist in choosing IT security products that meet an organization’s requirements. The selection of IT security products, and the implementation of the security program within which these products are used, follows the risk management process of identifying the most effective mix of management, operational, and technical controls. Learn More>>
Common Vulnerabilities and Exposures
Common Vulnerabilities and Exposures (CVE®) is a list, or dictionary, of publicly known information security vulnerabilities and exposures that is international in scope and free for public use. CVE's common names make it possible to exchange vulnerability information across security advisories, tools, databases, and services, an exchange that did not exist before CVE was created. Learn More>>
Choosing and Protecting Passwords
Passwords are a common form of authentication and are often the only barrier between a user and your personal information. There are several programs attackers can use to help guess or "crack" passwords, but by choosing good passwords and keeping them confidential, you can make it more difficult for an unauthorized person to access your information. Learn More>>
What Is OVAL?
OVAL provides a baseline method for performing vulnerability assessments on local computer systems. Learn More>>
Identity and Access Management

What do air travelers, teachers, children and even convicts have in common? They are all voluntarily or involuntarily undergoing “iris scans.” Learn More>>


Deploying Firewalls
The purpose of this document is to cover the fundamentals of firewall functionality (packet filtering) and the deployment process. Learn More>>
Understanding Firewalls
When anyone or anything can access your computer at any time, your computer is more susceptible to being attacked. You can restrict outside access to your computer and the information on it with a firewall. Learn More>>
Information Security Primer for CPAs
In an effort to combat this trend, and revisit the basics, this article covers the fundamentals of information security, including an overview of basic terms, goals of information security and examples of specific tools anyone can use to improve their security readiness. Learn More>>
Information Security Continues to Be Vital for CPAs in Public Accounting, Business and Industry
With the increased pressure on companies to comply with security standards, most businesses try to maintain a competitive edge by keeping certain information security initiatives at the forefront of their plans. Learn More>>
Managing and Auditing IT Vulnerabilities
This guide from the Institute of Internal Auditors (IIA) was developed to help Chief Audit Executives (CAEs) and internal auditors better assess the effectiveness of an organization’s internal vulnerability management procedures. It proposes criteria for identifying high- and low-performing organizations, and recommends specific IT management practices intended to help organizations increase the effectiveness and efficiency of their vulnerability management efforts. Learn More>>
Information Security Management Content Suite
IT Section Member

The following content is intended to introduce CPAs to the basic concepts and terminology surrounding IT security. Learn More>>


Wireless Technologies
This article provides an update on the status of wireless networking in the domains of personal area networking, local area networking, and wide area networking. Learn More>>
The Payment Card Industry Data Security Standard (PCI DSS)
The Security Standards Council produced a set of comprehensive requirements for enhancing payment account data security. The council's mission is to produce standards that can be adopted globally to provide consistent data security measures. The standard is meant to assist organizations in taking the initiative to implement measures that will ensure that customer account data is not compromised. Learn More>>