Risk Management in Microsoft Online Services
Published in: Technology
Transcript

  • 1. Updated August 10, 2009
    Security in Business Productivity Online Suite
  • 2. Agenda
    What is Business Productivity Online Suite
    Microsoft Online Services Risk Management
    Security
    Privacy & Regulatory
    Service Continuity
    Compliance Management
    Customer Benefits
    Q&A
  • 3. Business Productivity Online Suite
    Some existing customers
  • 4. Risk Management Program
    Information Security Policy
    Security
    Privacy
    Service Continuity
    Compliance Management
  • 5. Security Program
    A risk-based, multi-dimensional approach to help safeguard services and data
    • Security Management: Security Monitoring & Response, Threat & Vulnerability Management
    • Data: Access Control & Monitoring, File/Data Integrity
    • User: Account Management, Training & Awareness, Screening
    • Application: Secure Development Lifecycle, Access Control & Monitoring, Anti-Malware
    • Host: Access Control & Monitoring, Anti-Malware, Patch & Config Mgmt
    • Internal Network: Dual-factor Authentication, Intrusion Detection, Vulnerability Scanning
    • Network perimeter: Edge Routers, Firewalls, Intrusion Detection, Vulnerability Scanning
    • Facility: Video Surveillance, biometrics, Access Control
  • 6. Privacy Program
    Designed to establish consistent "high bar" privacy practices that support global standards for data handling and transfer
    Documented & enforced privacy requirements
    • Microsoft Online Services Privacy Statement
    • Microsoft Online Services Privacy and Regulatory Divisional Requirements Specific to Software + Services
    • Corporate-level Privacy Guidelines for Service Development
    Privacy disclosures & transparency
    • Microsoft Online Services Privacy Statement
    • EU Safe Harbor Certification
  • Service Continuity Program
    Business Impact Assessment
    Single point of failure and dependency analysis
    Defined recovery objectives
    Documented recovery plans and procedures
    Recovery exercises
  • 10. Compliance Management
    Rationalize and harmonize requirements
    Microsoft internal
    Corporate (security & privacy policies, etc.)
    Microsoft Online Services (security & privacy policies)
    Trustworthy Computing (SDL, Engineering Excellence, etc.)
    Industry & regulatory
    Industry best practices: ISO/IEC 27001:2005, NIST SP 800-53
    Customer requirements: SOX, HIPAA, FISMA, GLBA, PCI DSS
    Data protection laws
    Inputs
    Remove non-applicable, harmonize redundant, identify conditional
    Common Baseline Requirements
    Conditional Requirements
  • 11. Compliance Monitoring & Assessment
    • Internal monitoring
      • Technical compliance (patch and configuration mgmt, vulnerability scans, penetration tests, etc.)
      • Personnel compliance (training and awareness, screening, etc.)
      • Process compliance (business process evaluation, change control, access management, etc.)
      • Physical security compliance (CCTV monitoring, access control and logging, etc.)
    • Third Party validation
      • Facilities & infrastructure services – ISO cert + SAS 70
      • BPOS Dedicated – ISO aligned + SAS 70
      • BPOS Standard – ISO aligned
  • Commitment in Action
    What we provide
    • Services are designed, engineered and operated with security as core tenet
    • Privacy of customer data is respected
    • Audits demonstrate independent validation
    • Service resiliency and service and data recoverability are fundamental to service operations
    • 99.9% uptime SLA
    Customer benefits
    • Mature and comprehensive security management
    • Service upgrades and security updates
    • Comprehensive security monitoring and response
    • Customer control over customer data
    • Compliance management capabilities available to customers
  • Additional Resources
    Microsoft Online Services: www.microsoft.com/online
    Business Productivity Online Suite
    • 30 day free trial: http://www.microsoft.com/online/products.mspx
    • Technical information on TechNet: http://technet.microsoft.com/msonline
      • Service descriptions, developer guide, service level agreement, migration/deployment guides and tools and other technical information and blogs
    • Security white paper: http://go.microsoft.com/fwlink/?LinkID=125754&clcid=0x409
    • Privacy policy: http://www.microsoft.com/online/legal/MOS_Privacy_Statement_Full.htm
  • Thank You!
