Solved

exchange365 risk assessment

Posted on 2015-01-29
6
130 Views
Last Modified: 2015-02-20
Our external risk team want to review our organisations email systems. At present it is half "on-premise" and half in the cloud via outlook/exchange365. The on premise is v2013 of Exchange.

What realistically should/could they look at in relation to the cloud email infrastructure (i.e. exchange365)? Are there any tools/scripts/best practice guides for such setups?

For the on-premise you can look at stuff like security configuration of the servers, mailbox DB backup policies, mailbox security access controls, etc etc
0
Comment
Question by:pma111
  • 3
  • 3
6 Comments
 
LVL 78

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 40577070
frrom various sources but Microsoft Office 365 is compliant with  ISO 27002 standard on information security practices and techniques to build a control matrix that includes firewalls, anti-virus patching and other controls drawn from the payment card industry's data security standard and also §  ISO 27001, Safe Harbor,   SSAE16 SOC1 Type II, SOC2 Type II,  FISMA regulations.  All of the drives are encrypted using bitlocker, all of the accessing servers are constrained with applocker and only processes s that are needed to access/modify the data are white-listed (they use a white list vs a black list policy).  Users with admin privileges don't have physical access and the converse is also true. for those with physical access don't have admin privileges
0
 
LVL 3

Author Comment

by:pma111
ID: 40577077
So are you basically saying "there is no point"...
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 40577081
There isn't much you can do since the data is more compliant and safer than anything smaller than a major enterprise can hope to attain. They also have an active red team/blue team testing the system on a continuous basis which even some major enterprises can't afford to maintain on an ongoing basis.  That is what you are paying for.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 3

Author Comment

by:pma111
ID: 40577086
I thought you could perhaps as the client still manage access control lists for 365 mailboxes internally, i.e. shared/group mailboxes? Surely there are a few "configurations" within the clients control, i.e. mailbox size, attachment size policy, use of protective marking, default/mandatory email signatures etc. Surely there must be some areas they can review... ?
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 40582464
sure you can administer shared/group mailboxes. login to the admin center/exchange
Exchange admin center
0
 
LVL 3

Author Comment

by:pma111
ID: 40583435
is it possible to export configurations set in the exchange admin centre?
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now