
Meeting CobIT Control Objectives with Microsoft Terminal Services

Last Update 05-05-2010
 
This article introduces how Microsoft Terminal Services can help organizations of any size meet regulatory mandates by following the CobIT methodology. The CobIT methodology, which is referenced via the Sarbanes-Oxley legislation, provides 215 control objectives in four high-level domains. This article highlights how 52 of the control objectives are met by using Microsoft Terminal Services and the server-based computing model.
 
CobIT is a mature control framework, first released in 1996 by the Information Systems Audit and Control Association (ISACA). Since its origin it has evolved with a second edition in 1998, a third in 2000, and a fourth edition in November 2005. CobIT is maintained by the IT Governance Institute (ITGI) and the Information Systems Audit and Control Association (ISACA). ISACA describes CobIT as a "framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks" (ref: ISACA). CobIT has become the de facto standard for auditors and Sarbanes-Oxley compliance, which has significantly increased its visibility and use. CobIT has been widely mapped against the “big three” standards: COSO, ITIL, and ISO 17799.
 
CobIT is comprised of six documents. List 1.2 shows the six documents:
  • Management Guidelines
  • Implementation ToolSet
  • Executive Summary
  • Framework
  • Control Objectives
  • Audit Guidelines
 
From a structural perspective CobIT consists of a set of 215 Control Objectives for information technology, intended to enable auditing. The Control Objectives are guidance, in that they describe what should be accomplished.
 
The inherent advantages of Terminal Services with regard to compliance stem from the server-based computing model, which allows centralized provisioning, operations and management of the entire Windows application and desktop environment from the data center. Access to information systems is provided by a single piece of client software, namely the RDC client, which is hardware and operating system independent. With Terminal Services, all applications and Windows desktops are centrally managed in the data center. This also allows centralization of security and regulatory compliance policies such as segregation of duties, authentication and access control, patch management, change management, virus scans, data retention, access and transaction auditing, and business continuity. By leveraging Terminal Services’ centralized management capabilities, organizations can simplify access controls and system auditing for employees as well as business partners.
 
Auditing corporate information systems for Sarbanes-Oxley compliance can be an overwhelming task, due in part to the lack of a definitive Sarbanes-Oxley compliance road map. Organizations turn to third-party auditors, which typically uncover deficiencies in the areas of segregation of duties, change control, and strong password policy enforcement.
 
As with information security, compliance is not a one-time event. Ongoing testing of existing controls must occur yearly and modifications will require additional testing and validation. The consensus is that the scope of audits as well as the expectation of controls will continue to increase. 
 
The current emphasis of audits is baseline security as it pertains to access control, identity management, and audit-level visibility of user interactions with corporate systems. Subsequent audits will likely explore the need for stronger identity management supporting non-repudiation of executive signoffs of financial statements and internal approvals of transactions within the scope of Sarbanes-Oxley Act sections 302 and 404.

Detailed responses to CobIT audit points 

To read the entire article at its source, please refer to Meeting CobIT Control Objectives with Microsoft Terminal Services
