Risk Management in Microsoft Online Services
SlideShare presentation transcript (848 views, 13 downloads; uploaded as Microsoft PowerPoint; © All Rights Reserved)
    Presentation Transcript

    • Updated August 10, 2009
      Security in Business Productivity Online Suite
    • Agenda
      What is Business Productivity Online Suite
      Microsoft Online Services Risk Management
      Security
      Privacy & Regulatory
      Service Continuity
      Compliance Management
      Customer Benefits
      Q&A
    • Business Productivity Online Suite
      Some existing customers
    • Risk Management Program
      Information Security Policy
      Security
      Privacy
      Service Continuity
      Compliance Management
    • Security Program
      A risk-based, multi-dimensional approach to help safeguard services and data
      Security Management
      Security Monitoring & Response, Threat & Vulnerability Management
      Data
      Access Control & Monitoring, File/Data Integrity
      User
      Account Management, Training & Awareness, Screening
      Application
      Secure Development Lifecycle, Access Control & Monitoring, Anti-Malware
      Host
      Access Control & Monitoring, Anti-Malware, Patch & Config Mgmt
      Internal Network
      Dual-factor Authentication, Intrusion Detection, Vulnerability Scanning
      Network perimeter
      Edge Routers, Firewalls, Intrusion Detection, Vulnerability Scanning
      Facility
      Video Surveillance, Biometrics, Access Control
    • Privacy Program
      Designed to establish consistent "high bar" privacy practices that support global standards for data handling and transfer
      Documented & enforced privacy requirements
      • Microsoft Online Services Privacy Statement
      • Microsoft Online Services Privacy and Regulatory Divisional Requirements Specific to Software + Services
      • Corporate-level Privacy Guidelines for Service Development
      Privacy disclosures & transparency
      • Microsoft Online Services Privacy Statement
      • EU Safe Harbor Certification
    • Service Continuity Program
      Business Impact Assessment
      Single point of failure and dependency analysis
      Defined recovery objectives
      Documented recovery plans and procedures
      Recovery exercises
    • Compliance Management
      Rationalize and harmonize requirements
      Microsoft internal
      Corporate (security & privacy policies, etc.)
      Microsoft Online Services (security & privacy policies)
      Trustworthy Computing (SDL, Engineering Excellence, etc.)
      Industry & regulatory
      Industry best practices: ISO/IEC 27001:2005, NIST SP 800-53
      Customer requirements: SOX, HIPAA, FISMA, GLBA, PCI DSS
      Data protection laws
      Inputs
      Remove non-applicable, harmonize redundant, identify conditional
      Common Baseline Requirements
      Conditional Requirements
    • Compliance Monitoring & Assessment
      • Internal monitoring
      • Technical compliance (patch and configuration mgmt, vulnerability scans, penetration tests, etc.)
      • Personnel compliance (training and awareness, screening, etc.)
      • Process compliance (business process evaluation, change control, access management, etc.)
      • Physical security compliance (CCTV monitoring, access control and logging, etc.)
      • Third Party validation
      • Facilities & infrastructure services – ISO/IEC 27001 certification + SAS 70 audit
      • BPOS Dedicated – ISO/IEC 27001 aligned + SAS 70 audit
      • BPOS Standard – ISO/IEC 27001 aligned
    • Commitment in Action
      What we provide
      • Services are designed, engineered and operated with security as a core tenet
      • Privacy of customer data is respected
      • Audits demonstrate independent validation
      • Service resiliency and service and data recoverability are fundamental to service operations
      • 99.9% uptime SLA
      Customer benefits
      • Mature and comprehensive security management
      • Service upgrades and security updates
      • Comprehensive security monitoring and response
      • Customer control over customer data
      • Compliance management capabilities available to customers
    • Additional Resources
      Microsoft Online Services: www.microsoft.com/online
      Business Productivity Online Suite
      • 30-day free trial: http://www.microsoft.com/online/products.mspx
      • Technical information on TechNet: http://technet.microsoft.com/msonline
      • Service descriptions, developer guide, service level agreement, migration/deployment guides and tools, and other technical information and blogs
      • Security white paper: http://go.microsoft.com/fwlink/?LinkID=125754&clcid=0x409
      • Privacy policy: http://www.microsoft.com/online/legal/MOS_Privacy_Statement_Full.htm
    • Thank You!