AICPA 2007 Top Technology Initiatives Defined

1. Information Security Management: A systematic approach to encompassing people, processes and IT systems that safeguards critical systems and information, protecting them from internal and external threats. Incorporates the preservation of confidentiality ( information is not available or disclosed to unauthorized individua ls, entities, or processes) , integrity ( safeguarding the accuracy and completeness of key data ) and availability (systems and data are accessible and usable upon demand by an authorized entity ) of information. Other properties such as authenticity, accountability, non-repudiation and reliability may also be involved.

2. Identity and Access Management: Identity and access management consists of the hardware, software and processes used to authenticate a user’s identity (i.e., ensure users are who they say they are), then provide users with appropriate access to systems and data-based pre-established rights and privileges. Identity management may utilize one-, two- or three-factor authentication and include passwords, tokens, digital certificates (for websites and e-mail systems), Public Key Infrastructure (PKI), biometrics and other emerging technologies.

3. Conforming to Assurance and Compliance Standards: Creating formalized strategies and systems to address organizational goals and statutory requirements. These strategies and systems may include collaboration and compliance tools to monitor, document, assess, test and report on compliance with specified controls. It encompasses risk assessment standards, risk management and continuous auditing/continuous monitoring.

4. Privacy Management: The rights and obligations of individuals and organizations with respect to the collection, use, disclosure and retention of personal information. As more information and processes are converted to a digital format, this information must be protected from unauthorized users and from unauthorized usage by those with access to the data, including complying with local, state, national and international laws, and the convergence of security and privacy.

5. Disaster Recovery Planning and Business Continuity Management: A holistic management process that identifies potential threats to an organization and the impact those threats may have on business operations. Resources can include IT equipment, data records, the physical space of an organization, and personnel. Threats to these resources may include theft, virus infestation, weather damage, accidents or other malicious destruction. A well-defined, documented and communicated plan can help provide structure and stability in the event of a business interruption or catastrophe, greatly improving the chance of business survival.

6. IT Governance: A structure of relationships and processes that direct and control an organization and help it achieve its goals by adding value while balancing risk versus return over IT and its processes. Includes IT ROI or the decisions around technology investments and how to optimize related returns.

7. Securing and Controlling Information Distribution: Protecting and controlling the distribution of digital data (i.e., enabling secure distribution and/or preventing illegal distribution and access to protected information). Example: a document distribution strategy controlled by a Digital Rights Management (DRM) server that prevents an encrypted document from being opened by anyone other than the intended recipient.

8. Mobile and Remote Computing: Technologies that enable users to securely connect to key resources anywhere, anytime regardless of physical location. Enabling technologies include tablet PCs; PDAs; and wireless technologies such as Bluetooth, WiFi and WiMax.

9. Electronic Archiving and Data Retention: Technologies that enable appropriate archiving and retrieval of key information over a given (statutory) period of time with improved efficiency and access to the information. This includes policies and processes to ensure destruction of information from storage and archival media in a timely and consistent manner. Information includes traditional data as well as telephony, IM traffic and other emerging forms of collaboration. Storage and backup technologies, including Direct Attached Storage (DAS), Network Attached Storage (NAS) and Storage Area Networks (SANs), and optical devices such as DVDs, CDs and Blu-Ray help support the archiving and retrieval process.

10. Document, Content and Knowledge Management: The process of capturing, indexing, storing, retrieving, searching and managing information electronically, including database management of PDFs and other formats. Knowledge management then brings structure and control to this information, allowing organizations to harness the intellectual capital contained in the underlying data. This is sometimes referred to as the “paperless” office even though “less-paper” or digital office may be more accurate terms.

What Do You Do With these Top Technology Initiatives?

This article is only one of many to be presented during 2007. For the most updated information, visit the AICPA’s IT Center at www.aicpa.org/toptech. The AICPA is developing additional content for many of the Top Technology Initiatives. Look for expanded articles in InfoTech Update, as well as case studies and practice aids on the IT Center and in e-mail notifications.

Read related article, AICPA 2007 Top Technology Initiatives.