VMWare Server Virtualization Audit/Assurance Program

23m
ISACA
ISACA
2011

IT audit and assurance professionals are expected to customize this document to the environment in which they are performing an assurance process. This document is to be used as a review tool and starting point. It may be modified by the IT audit and assurance professional; it is not intended to be a checklist or questionnaire. It is assumed that the IT audit and assurance professional has the necessary subject matter expertise required to conduct the work and is supervised by a professional with the Certified Information Systems

Objective - The VMware server virtualization audit/assurance review will provide management with an independent assessment of the effectiveness of the configuration of, controls over and security of the virtualized servers operating under VMware in the enterprise's computing environment.

Scope - The review will focus on the governance, configuration and management of the relevant VMware virtualized servers in the enterprise, with emphasis, on control issues specific to virtualized environments.

The selection of specific applications, functions and servers will be based on the risks introduced to the enterprise by these systems.

The VMware server virtualization audit/assurance review is not designed to replace or focus on audits that provide assurance of specific application processes and excludes assurance of an application's functionality and suitability.

Since the areas under review rely heavily on the effectiveness of core IT general controls, it is recommended that audit/assurance reviews of the following areas be performed prior to the execution of the VMware server virtualization review so that appropriate reliance can be placed on these assessments:

Identity management as it applies to the VMware environment, i.e., privileged VMware users, user access to VMs, etc.
Security incident management
Secure architecture, including virtualized servers and server farms and network security
Systems development - Test environments are typically hosted on virtualized servers to ease of testing and recovery after crashes
Risk management
Vulnerability management and testing
Cryptographic controls and associated key management

In this Book

VMware Server Virtualization Audit/Assurance Program
Introduction
Using This Document
Controls Maturity Analysis
Assurance and Control Framework
Executive Summary of Audit/Assurance Focus
Audit/Assurance Program
Maturity Assessment
Assessment Maturity vs. Target Maturity
Virtualization Architecture
VMware Performance Metrics

FREE ACCESS

Course CompTIA A+ Core 1: Client-side Virtualization

(148)

Course VMware VCP-DCV vSphere 7: VM Provisioning, Tools, Files, & Containers

(149)

Book Virtualization Essentials, Third Edition

Get Started

Sharpen your skills. Upgrade your career. Find the right learning path for you, based on your role and skills. Take part in hands-on practice, study for a certification, and much more - all personalized for you.

*Not included: Compliance, Leadership Development Program content, and Engineering books

Your content + our content + our platform = a path to learning success

Using our learning experience platform, Percipio, your learners can engage in custom learning paths that can feature curated content from all sources.

Learn More

Aspire to something bigger

Aspire Journeys are guided learning paths that set you in motion for career success.

Browse Aspire Journeys

Explore a world of live learning with Global Knowledge

Choose from convenient delivery formats to get the training you and your team need - where, when and how you want it.

Browse Live Learning

IT Skills & Salary Report

ESG Impact Report

VMWare Server Virtualization Audit/Assurance Program

In this Book

YOU MIGHT ALSO LIKE