Auditing Your Windows Infrastructure, Intranet And Internet Security: A Practical Audit Program for Assurance Professionals

The in-depth, authoritative reference for intermediate to advanced IT Audit and IT Security professionals.
Following reports of Denial-of-Service attacks and data breaches on large corporation around the world in recent times and its attendant impact on business operations, the need to ensure security of the intranet and internet environment cannot be overemphasized. Considering the widespread use of Windows Operating Systems and other associated services, there is obvious need to ensure security of Windows infrastructure by implementing standard configurations, good internal control systems, enterprise policies as well as promotion of best practices and user awareness within the operating environment. Auditors and other IT Assurance professionals are duty bound to ensure the security of all enterprise systems by instituting a robust internal audit and security assessment process for continuous improvement of good security practices.

“Auditing Your Windows Infrastructure, Intranet and Internet Security” by Nwabueze Ohia provides insight to IT Assurance professionals (Information Systems Auditors, Information Systems Controllers, IT/IS Security and IT/IS Risk professionals) on how to successfully conduct audit or security review of Windows infrastructure, intranet and internet environment of their organizations. It first highlighted some of the risks, vulnerabilities, and process/control lapses associated with some Windows systems, Email Infrastructure (Exchange Server) and Active Directory/Domain Controller Infrastructure and how they can impact the security of intranet environment of organizations. This is important to raise the awareness of the reader on inherent risks/vulnerabilities associated with the Windows Infrastructure. Thereafter, it then highlighted the steps to carrying out the audit testing to verify the effectiveness or otherwise of controls around the following; Active Directory/Domain Controller, Exchange Server, TMG/ISA Server, Windows Servers and Workstations, Skype for Business Server, Virtualization Server and DNS Servers. This exhaustive and comprehensive audit program provides a step by step guide on assessing the effectiveness of controls in an organization’s intranet and internet to ensure security.

The book identified vulnerabilities inherent in Windows infrastructure (servers and services) in conjunction with their implications on confidentiality, integrity and availability of information assets. Detailed audit test procedure to verify the effectiveness of controls build around the system were provided in the book. The audit program covered enterprise policies (IT Security policy, password policy, acceptable use of computer assets policy, network policy, etc.), system administration, security baseline configuration for Windows infrastructure, logical access control and authentication, group policy object (GPO) settings, change management, enterprise log management and correlation, patch management, data loss prevention/endpoint management, vulnerability management, virus control, virtualization, instant messaging and email services, backup and archiving services, spam control, bring-you-own-device policy and administration, among others.