Voice Over Internet Protocol (VoIP) Audit/Assurance Program
- 13m
- ISACA
- ISACA
- 2012
IT audit and assurance professionals are expected to customize this document to the environment in which they are performing an assurance process. This document is to be used as a review tool and starting point. It may be modified by the IT audit and assurance prof essional; it is not intended to be a checklist or questionnaire. It is assumed that the IT audit and assurance professional has the necessary subject matter expertise required to conduct the work and is supervised by a professional with the Certified Information Systems Auditor (CISA) designation and/or necessary subject matter expertise to adequately review the work performed.
A typical VoIP network comprises a complex series of cooperating protocols, networks (wireless and wired), servers, security architectures, special services (such as E-911), backup and recovery systems, and interfaces to the PSTN.
During the audit planning process, the auditor must determine the scope of the audit. Depending on the specific implementation, this may include:
- Evaluation of governance, policies and oversight relating to VoIP
- Data classification policies and management
- The appropriate VoIP business case, actual deployment or upgrade processes, strategy and implementation controls
- Technical architecture(s), including security systems, multiple platforms (different vendors which supply and/or support VoIP), interfaces with data networks, backup and recovery, data retention and destruction policy, and technology
- Assessments of IT infrastructure and personnel to support the VoIP architecture(s)
- Baseline configurations of deployed hardware and software
- Issues related to decentralized VoIP servers
- Issues related to failover clustering, where appropriate
In this Book
-
Voice-over Internet Protocol (VoIP) Audit/Assurance Program
-
Introduction
-
Using This Document
-
Assurance and Control Framework
-
Executive Summary of Audit/Assurance Focus
-
Audit/Assurance Program
-
Maturity Assessment
-
VoIP Threat Taxonomy
-
Separation of Data and VoIP VLANs (Schematic)
-
References