OPPapers.com

Top 10 Ais Security Concerns

CPAs have consistently recognized the potential for threats and opportunities for shielding individuals, organizations,
and business and accounting professionals from attacks. The results of the AICPA 2006 Top Ten Technologies survey
noted the following issues of greatest concern:
■ Information security: the hardware, software, processes, and procedures in place to protect information systems from
internal and external threats. They include routers, perimeter firewalls, IP strategy, intrusion detection and reporting, content
filtering, antivirus, antispyware, password management, vulnerability assessment, patch management, personal firewalls,
wireless security strategies, data encryption, locked facilities, and user education.
■ Assurance and compliance applications (e.g., SOX section 404, enterprise risk management): collaboration and compliance
tools that enable various stakeholders to monitor, document, assess, test, and report on compliance with specified
controls.
■ Disaster and business continuity planning: the development, monitoring, and updating of the process by which organizations
plan for continuity of their business in the event of a loss of information resources due to theft, virus infection,
weather damage, accidents, or other malicious destruction.
■ IT governance: the structure of relationships and processes to direct the enterprise in order to achieve the enterprise’s
goals by adding value while still balancing risk versus return over IT and its processes.
■ Privacy management: the rights and obligations of individuals and organizations with respect to the collection, use,
disclosure, and retention of personal information. As more information and processes are being converted to a digital
format, this information must be protected from unauthorized users and from unauthorized usage by those with access.
■ Digital identity and authentication technologies: ways to ensure users are who they say they are. These include hardware
and...