The in-depth, authoritative reference for intermediate to advanced IT Audit and IT Security professionals. Following recent reports of Denial-of-Service attacks and data breaches at large corporations around the world, and their attendant impact on business operations, the need to secure the intranet and internet environment cannot be overemphasized. Considering the widespread use of Windows operating systems and associated services, there is an obvious need to secure Windows infrastructure by implementing good internal control systems and enterprise policies, and by promoting best practices and user awareness within the operating environment. Auditors and other IT Assurance professionals are duty bound to ensure the security of all enterprise systems by instituting a robust internal audit and security assessment process for continuous improvement of good security practices.

“Auditing Your Windows Infrastructure, Intranet and Internet Security” by Nwabueze Ohia provides insight to IT Assurance professionals (Information Systems Auditors, Information Systems Controllers, IT/IS Security and IT/IS Risk professionals) on how to successfully conduct an audit or security review of the Windows infrastructure, intranet and internet network of their organizations. Windows infrastructure includes, but is not limited to, the Active Directory/Domain Controller, Exchange Server, TMG/ISA Server, Windows Servers and Workstations, Skype for Business Server, Virtualization Server and DNS Servers. This exhaustive and comprehensive audit program provides a step-by-step guide to assessing an organization’s intranet and internet security. The book assesses vulnerabilities inherent in Windows infrastructure (servers and services) in conjunction with their implications for the confidentiality, integrity and availability of information assets. Detailed audit test procedures to identify those vulnerabilities and control gaps are provided in the book.
The audit program covers enterprise policies (IT Security policy, password policy, acceptable use of computer assets policy, network policy, etc.), system administration, baseline configuration for Windows infrastructure, logical access control and authentication, group policy object (GPO) settings, change management, enterprise log management and correlation, patch management, endpoint management, vulnerability management, virus control, virtualization, domain administration, instant messaging and email services, backup and archiving services, spam control, and bring-your-own-device policy and administration, among others.
Author: Nwabueze Ohia