enterprise and provide appropriate comments and recommendations. Some of the
audit objectives which the audit team might be given to perform an audit include:
1. ensuring that web servers are monitored
2. ensuring that web server configuration follows approved standards
3. ensuring that unused services on the web server are disabled
4. ensuring that a malware filter is used on the web server.
f) Communication Tools
In most enterprises, the predominant form of communication is email. There are various
software tools which are used to facilitate email communication. Some enterprises
prefer to use email applications such as Microsoft Outlook and Mozilla Thunderbird.
It is also common to find web-based email systems in use, such as Gmail,
Yahoo, and Outlook Web Access. A lot of corporate information is sent and received
by email. Email communication should be protected as it forms a critical part
of a company's data silos. Other forms of communication in an office environment
include social media, blogs, SMS, and other internal communication tools. The
Internet, which we will discuss later in this chapter, is an important catalyst to email
communication in the office and between enterprises.
Due to the importance of email communication and the sensitivity of information which
is generated and used by businesses, it is essential that IS auditors recognise the need
to protect this information. Most enterprises have put in place measures to protect
emails generated by businesses for future reference or record. Most of these emails
and other forms of communication are backed up from servers and workstations and
stored on backup storage media.
The IS auditor should ensure that communication data is properly backed up and can be
accessed when needed. Communication data is just as important as data generated
through other business and financial transactions. When requested to carry out
an audit, the IS auditor might be given some of the following audit objectives
by management:
1. ensure recovery of lost email data
2. security of email servers
3. observance of personal privacy
4. implementation of access controls to protect email communication
5. securing of SMS, blogs, social media, and other non-email data
6. compliance with email policies