Microsoft Exchange Server 2010 Audit/Assurance Program

  • 14m
  • 2011

IT audit and assurance professionals are expected to customize this document to the environment in which they are performing an assurance process. This document is to be used as a review tool and starting point. It may be modified by the IT audit and assurance professional has the necessary subject matter expertise required to conduct the work and is supervised by a professional with the Certified Information Systems Auditor (CISA) designation and/or necessary subject matter expertise to adequately review the work performed.

Exchange Server 2010 is comprised of a series of cooperating processes that communicate with one another on local and remote computers, as well as with domain controllers, and a number of different clients. Internet Information Server (IIS) is integral to Exchange Server's functionality. This series of complex relationships means that locking down and auditing Exchange Server 2010 requires consideration of several different components.

Security and control of Exchange Server 2010 depend on the larger control structure in place in the enterprise. The audit of Exchange Server 2010 needs to take account of this integration with other parts of the Corporate IT architecture. This means, that in addition to technical aspects of Exchange Server 2010, the audit/assurance professional must focus on the governance, policies and monitoring/oversight functions associated with its deployment and management.

The audit/assurance professional should be familiar with Exchange Server 2010's primary management tools and is cautioned not to attempt to conduct an audit/assurance review of Exchange Server 2010 utilising this program as a checklist.

In this Book

  • Microsoft Exchange Server 2010 Audit/Assurance Program
  • Introduction
  • Using This Document
  • Assurance and Control Framework
  • Executive Summary of Audit/Assurance Focus
  • Audit/Assurance Program
  • Maturity Assessment
  • Maturity Assessment vs. Target Assessment
  • Exchange Server 2010—Server Roles
  • Exchange Server 2010 Transport Pipeline—Schematic
  • Specimen Exchange Server Management Role Hierarchy