The Tech Gap

One of the really fun things I got to do last fall was spend a [very long] day in Phoenix with the AICPA's Top Techs Task-force. This is the group that distills literally hundreds of "candidate" tech topics into a [hopefully] manageable list for ultimate voting. We've worked very hard the past few years to widen the circle of voters and I'm happy to report it now includes CITP credential holders, IT Section members, ISACA members, and, new this year, ITA members. All told this year we had well over 1,500 technology though-leaders weigh in by voting on the 30 initiatives to determine those that would most directly effect our profession in 2007. The list is impressive --- look for a lot more on these Top 10 issues over the next few months. The full list is below, and this Download press_release_final_top_tech_survey_2007.doc is their press release. Watch for the next issue of the AICPA's Information Technology Update (ITU) --- it carries my article more fully describing each of the Top 10. I'll post that here as soon as it's published.

Here are the 2007 Top 10 Technology Initiatives:

1. Information Security Management: A systematic approach to encompassing people, processes and IT systems that safeguards critical systems and information, protecting them from internal and external threats. Incorporates the preservation of confidentiality (information is not available or disclosed to unauthorized individuals, entities, or processes), integrity (safeguarding the accuracy and completeness of key data) and availability (systems and data are accessible and usable upon demand by an authorized entity) of information. Other properties such as authenticity, accountability, non-repudiation and reliability may also be involved.

2. Identity and Access Management: Identity and access management consists of the hardware, software and processes used to authenticate a user’s identity, i.e. ensure users are who they say they are; then provide users with appropriate access to systems and data based pre-established rights and privileges.  Identity management may utilize one, two or three factor authentication and include passwords, tokens, digital certificates (for web sites and e-mail systems), Public Key Infrastructure (PKI), biometrics and other emerging technologies.

3. Conforming to Assurance and Compliance Standards: Creating formalized strategies and systems to address organizational goals and statutory requirements. These strategies and systems may include collaboration and compliance tools to monitor, document, assess, test and report on compliance with specified controls. It encompasses risk assessment standards, risk management and continuous auditing/continuous monitoring.

4. Privacy Management: The rights and obligations of individuals and organizations with respect to the collection, use, disclosure and retention of personal information. As more information and processes are converted to a digital format, this information must be protected from unauthorized users and from unauthorized usage by those with access to the data, including complying with local, state, national and international laws, and the convergence of security and privacy.

5. Disaster Recovery Planning (DRP) and Business Continuity Management (BCM): A holistic management process that identifies potential threats to an organization and the impact those threats may have on business operations. Resources can include IT equipment, data records, the physical space of an organization, and personnel. Threats to these resources may include theft, virus infestation, weather damage, accidents or other malicious destruction. A well defined, documented, and communicated plan can help provide structure and stability in the event of a business interruption or catastrophe greatly improving the chance of business survival.

6. IT Governance: A structure of relationships and processes that direct and control an organization and help it achieve its goals by adding value while balancing risk versus return over IT and its processes. Includes IT ROI, or the decisions around technology investments and how to optimize related returns. 

7. Securing and Controlling Information Distribution (new): Protecting and controlling the distribution of digital data, i.e. enabling secure distribution and/or preventing illegal distribution and access to protected information. Example: a document distribution strategy controlled by a Digital Rights Management (DRM) server that prevents an encrypted document from being opened by anyone other than the intended recipient.

8. Mobile and Remote Computing (new): Technologies that enable users to securely connect to key resources anywhere, anytime regardless of physical location. Enabling technologies include tablet PCs; PDAs; and wireless technologies such as Bluetooth, WiFi and WiMax.

9. Electronic Archiving and Data Retention (new): Technologies that enable appropriate archiving and retrieval of key information over a given (statutory) period of time with improved efficiency and access to the information. This includes policies and processes to ensure destruction of information from storage and archival media in a timely and consistent manner.  Information includes traditional data as well as telephony, IM traffic, and other emerging forms of collaboration. Storage and backup technologies, including Direct Attached Storage (DAS), Network Attached Storage (NAS) and Storage Area Networks (SANs), and optical devices such as DVDs, CDs, and Blu-Ray help support the archiving and retrieval process.

10. Document, Content and Knowledge Management (new): The process of capturing, indexing, storing, retrieving, searching and managing information electronically, including database management of PDFs and other formats. Knowledge management then brings structure and control to this information, allowing organizations to harness the intellectual capital contained in the underlying data. This is sometimes referred to as the “paperless” office even though “less-paper” or digital office may be a more accurate term.

The AICPA has posted more information on their website.

gll