Risk Management in Microsoft Online Services
Transcript

  • 1. Security in Business Productivity Online Suite
    Updated August 10, 2009

  • 2. Agenda
    - What is Business Productivity Online Suite
    - Microsoft Online Services Risk Management
      - Security
      - Privacy & Regulatory
      - Service Continuity
      - Compliance Management
    - Customer Benefits
    - Q&A

  • 3. Business Productivity Online Suite
    Some existing customers

  • 4. Risk Management Program
    - Information Security Policy
    - Security
    - Privacy
    - Service Continuity
    - Compliance Management

  • 5. Security Program
    A risk-based, multi-dimensional approach to help safeguard services and data. Controls by layer:
    - Security Management: Security Monitoring & Response, Threat & Vulnerability Management
    - Data: Access Control & Monitoring, File/Data Integrity
    - User: Account Management, Training & Awareness, Screening
    - Application: Secure Development Lifecycle, Access Control & Monitoring, Anti-Malware
    - Host: Access Control & Monitoring, Anti-Malware, Patch & Config Mgmt
    - Internal Network: Dual-factor Authentication, Intrusion Detection, Vulnerability Scanning
    - Network Perimeter: Edge Routers, Firewalls, Intrusion Detection, Vulnerability Scanning
    - Facility: Video Surveillance, Biometrics, Access Control

  • 6. Privacy Program
    Designed to establish consistent "high bar" privacy practices that support global standards for data handling and transfer.
    - Documented & enforced privacy requirements
      - Microsoft Online Services Privacy Statement
      - Microsoft Online Services Privacy and Regulatory Divisional Requirements Specific to Software + Services
      - Corporate-level Privacy Guidelines for Service Development
    - Privacy disclosures & transparency
      - Microsoft Online Services Privacy Statement
      - EU Safe Harbor Certification

  • 7. Service Continuity Program
    - Business Impact Assessment
    - Single point of failure and dependency analysis
    - Defined recovery objectives
    - Documented recovery plans and procedures
    - Recovery exercises

  • 8. Compliance Management
    Rationalize and harmonize requirements.
    - Inputs
      - Microsoft internal
        - Corporate (security & privacy policies, etc.)
        - Microsoft Online Services (security & privacy policies)
        - Trustworthy Computing (SDL, Engineering Excellence, etc.)
      - Industry & regulatory
        - Industry best practices: ISO/IEC 27001:2005, NIST SP 800-53
        - Customer requirements: SOX, HIPAA, FISMA, GLBA, PCI DSS
        - Data protection laws
    - Process: remove non-applicable, harmonize redundant, identify conditional
    - Outputs
      - Common Baseline Requirements
      - Conditional Requirements

  • 9. Compliance Monitoring & Assessment
    - Internal monitoring
      - Technical compliance (patch and configuration mgmt, vulnerability scans, penetration tests, etc.)
      - Personnel compliance (training and awareness, screening, etc.)
      - Process compliance (business process evaluation, change control, access management, etc.)
      - Physical security compliance (CCTV monitoring, access control and logging, etc.)
    - Third-party validation
      - Facilities & infrastructure services: ISO cert + SAS 70
      - BPOS Dedicated: ISO aligned + SAS 70
      - BPOS Standard: ISO aligned

  • 10. Commitment in Action
    What we provide:
    - Services are designed, engineered and operated with security as a core tenet
    - Privacy of customer data is respected
    - Audits demonstrate independent validation
    - Service resiliency and service and data recoverability are fundamental to service operations
    - 99.9% uptime SLA
    Customer benefits:
    - Mature and comprehensive security management
    - Service upgrades and security updates
    - Comprehensive security monitoring and response
    - Customer control over customer data
    - Compliance management capabilities available to customers

  • 11. Additional Resources
    - Microsoft Online Services: www.microsoft.com/online
    - Business Productivity Online Suite
      - 30-day free trial: http://www.microsoft.com/online/products.mspx
      - Technical information on TechNet: http://technet.microsoft.com/msonline
      - Service descriptions, developer guide, service level agreement, migration/deployment guides and tools, and other technical information and blogs
    - Security white paper: http://go.microsoft.com/fwlink/?LinkID=125754&clcid=0x409
    - Privacy policy: http://www.microsoft.com/online/legal/MOS_Privacy_Statement_Full.htm

  • 12. Thank You!