A mistake by AT&T that violated security to many of the telecommunications company's small business customers supports the finding that Information Security and Controls is the number one concern among the issues affecting the profession in 2001.
Billing and account information for about 120,000 could be viewed by customers, according to the story on MSNBC.com. Although AT&T shut down this portion on the site right away once it learned of the problem, sensitive data leads to the already-perceived lack of controls when it comes to online information.
Where does the CPA begin to address similar issues? According to the experts, the answer rests with a sharp focus on making informed decisions.
"As the number of threats increase and the budget dollars for security become limited, companies must choose the solutions that are the most cost-effective," says Sandi Smith, CPA, who participated in the Top Ten Technologies lab last fall. "A risk management approach facilitates the decision-making required to spend the budget wisely on the most severe or most probable threats. A risk management approach also helps to tame the complexity of the problem by prioritizing the threats and systematically assigning solutions."
According to her article on the Top Ten Technologies Web site, "the rising costs of security breaches and organizations' thwarted attempts to stop them in recent years are causing security managers everywhere to look for new solutions and approaches in information security management."