Download (368K; Member Only)
Purchase the Book
Provide feedback on this document
Visit the Audit Tools and Techniques Knowledge Center community
IT audit and assurance professionals are expected to customize this document to the environment in which they are performing an assurance process. This document is to be used as a review tool and starting point. It may be modified by the IT audit and assurance professional; it is not intended to be a checklist or questionnaire. It is assumed that the IT audit and assurance professional has the necessary subject matter expertise required to conduct the work and is supervised by a professional with the Certified Information Systems Auditor (CISA) designation and/or necessary subject matter expertise to adequately review the work performed.
Exchange Server 2010 is comprised of a series of cooperating processes that communicate with one another on local and remote computers, as well as with domain controllers, and a number of different clients. Internet Information Server (IIS) is integral to Exchange Server’s functionality. This series of complex relationships means that locking down and auditing Exchange Server 2010 requires consideration of several different components.
Security and control of Exchange Server 2010 depend on the larger control structure in place in the enterprise. The audit of Exchange Server2010 needs to take account of this integration with other parts of the Corporate IT architecture. This means that, in addition to technical aspects of Exchange Server 2010, the audit/assurance professional must focus on the governance, policies and monitoring/oversight functions associated with its deployment and management.
The audit/assurance professional should be familiar with Exchange Server 2010’s primary management tools and is cautioned not to attempt to conduct an audit/assurance review of Exchange Server 2010 utilizing this program as a checklist.