Center for Internet Security and CPAs Agree On Best Practices for Information System Security and Reliability.

Business Editors

NEW YORK--(BUSINESS WIRE)--Oct. 21, 2002

Combines Effective Policies With Detailed Technical Configuration for More Comprehensive Security Solutions

The American Institute of Certified Public Accountants (AICPA) and the Center for Internet Security (CIS) have agreed to mutually recommend their respective, complementary system security and reliability resources to CPAs and the business community. The AICPA's SysTrust and WebTrust best practices frameworks, when used in conjunction with the configuration recommendations in the CIS security benchmarks, provide a more comprehensive set of diagnostic and prescriptive tools with which CPAs can examine an information system for security.

"The security configuration benchmarks developed by CIS members in particular provide the prescriptive guidance that CPAs can use when helping their clients or employers properly configure their systems to defend against unauthorized intrusions," said Clint Kreitner, President and CEO of the Center for Internet Security.

"When used in conjunction with the AICPA's SysTrust or WebTrust best practices frameworks, the CPA is able to get a more detailed understanding of what technical security settings should be implemented to make a system more secure. Recent research has shown that between 80 and 90 percent of known vulnerabilities are blocked when a system is properly configured and patched. A relevant case study may be found on the CIS Web site."

"The CIS Windows 2000 Benchmark and Scoring Tool, when used with the AICPA Security principle and criteria, can help CPAs quickly examine the security configuration of a system against recognized standards to identify vulnerabilities and critical modifications that need to be implemented," said Brian Spindel, CPA, CIA, CISA, Security Auditor and Regulatory Liaison for SecurePipe, Inc. "The AICPA Security standards tell CPAs what system security information needs to be examined and why. The CIS tools give CPAs the actual granular details on how to configure the system to meet the standards and how the system under review is currently configured."

SysTrust best practices apply to any type of information system, while WebTrust best practices apply only to those information systems that have an e-business component. CIS benchmarks currently apply to the most commonly used operating systems, Internet software applications (for web servers, database servers and mail servers) and network devices (for routers and firewalls).

"Standards of practice must include organizational policy and process considerations as well as explicit guidelines for configuring systems at the operational level using detailed technical security settings," said Anthony Pugliese, Vice President of Member Innovation at the AICPA. "The SysTrust or WebTrust frameworks provide the necessary criteria with which CPAs can establish effective controls and procedures over a system. When combined with recommended configuration settings from CIS, a powerful tool emerges to help businesses strike the necessary balance between security and system functionality."

In addition to using the SysTrust/WebTrust best practices frameworks in conjunction with the CIS level II benchmarks, CPAs also have the option of using the CIS scoring tools on those same systems to determine the degree to which the systems' configuration conforms to the benchmark.

Added Kreitner, "Effectively, the scoring tools allow CPAs to drill down past effective controls and policies layers, past the granular layer of setting switches and various configuration to the actual performance of that system to see where its vulnerabilities lie."

About the Center for Internet Security

The Center for Internet Security (CIS) helps organizations around the world effectively manage the risks related to information security. CIS provides methods and tools to improve, measure, monitor, and compare the security status of Internet-connected systems and appliances. For more information, please visit www.cisecurity.org.

About the AICPA

The American Institute of Certified Public Accountants (AICPA) is the ISO 9001 certified national professional organization of CPAs in the United States with more than 350,000 members in public practice, business and industry, government and education. For more information about the AICPA, SysTrust and WebTrust, please visit www.aicpa.org.