Risk Management in Microsoft Online Services


Transcript

  • 1. Updated August 10, 2009
    Security in Business Productivity Online Suite
  • 2. Agenda
    What is Business Productivity Online Suite
    Microsoft Online Services Risk Management
    Security
    Privacy & Regulatory
    Service Continuity
    Compliance Management
    Customer Benefits
    Q&A
  • 3. Business Productivity Online Suite
    Some existing customers
  • 4. Risk Management Program
    Information Security Policy
    Security
    Privacy
    Service Continuity
    Compliance Management
  • 5. Security Program
    A risk-based, multi-dimensional approach to help safeguard services and data
    Security Management
    Security Monitoring & Response, Threat & Vulnerability Management
    Data
    Access Control & Monitoring, File/Data Integrity
    User
    Account Management, Training & Awareness, Screening
    Application
    Secure Development Lifecycle, Access Control & Monitoring, Anti-Malware
    Host
    Access Control & Monitoring, Anti-Malware, Patch & Config Mgmt
    Internal Network
    Dual-factor Authentication, Intrusion Detection, Vulnerability Scanning
    Network perimeter
    Edge Routers, Firewalls, Intrusion Detection, Vulnerability Scanning
    Facility
    Video Surveillance, biometrics, Access Control
  • 6. Privacy Program
    Designed to establish consistent "high bar" privacy practices that support global standards for data handling and transfer
    Documented & enforced privacy requirements
    • Microsoft Online Services Privacy Statement
    • Microsoft Online Services Privacy and Regulatory Divisional Requirements Specific to Software + Services
    • Corporate-level Privacy Guidelines for Service Development
    Privacy disclosures & transparency
    • Microsoft Online Services Privacy Statement
    • EU Safe Harbor Certification
  • Service Continuity Program
    Business Impact Assessment
    Single point of failure and dependency analysis
    Defined recovery objectives
    Documented recovery plans and procedures
    Recovery exercises
  • 10. Compliance Management
    Rationalize and harmonize requirements
    Microsoft internal
    Corporate (security & privacy policies, etc.)
    Microsoft Online Services (security & privacy policies)
    Trustworthy Computing (SDL, Engineering Excellence, etc.)
    Industry & regulatory
    Industry best practices: ISO/IEC 27001:2005, NIST SP 800-53
    Customer requirements: SOX, HIPAA, FISMA, GLBA, PCI DSS
    Data protection laws
    Inputs
    Remove non-applicable, harmonize redundant, identify conditional
    Common Baseline Requirements
    Conditional Requirements
  • 11. Compliance Monitoring & Assessment
    • Internal monitoring
      • Technical compliance (patch and configuration mgmt, vulnerability scans, penetration tests, etc.)
      • Personnel compliance (training and awareness, screening, etc.)
      • Process compliance (business process evaluation, change control, access management, etc.)
      • Physical security compliance (CCTV monitoring, access control and logging, etc.)
    • Third Party validation
      • Facilities & infrastructure services – ISO cert + SAS 70
      • BPOS Dedicated – ISO aligned + SAS 70
      • BPOS Standard – ISO aligned
  • Commitment in Action
    What we provide
    • Services are designed, engineered and operated with security as a core tenet
    • Privacy of customer data is respected
    • Audits demonstrate independent validation
    • Service resiliency and service and data recoverability are fundamental to service operations
    • 99.9% uptime SLA
    Customer benefits
    • Mature and comprehensive security management
    • Service upgrades and security updates
    • Comprehensive security monitoring and response
    • Customer control over customer data
    • Compliance management capabilities available to customers
  • Additional Resources
    Microsoft Online Services: www.microsoft.com/online
    Business Productivity Online Suite
    • 30-day free trial: http://www.microsoft.com/online/products.mspx
    • Technical information on TechNet: http://technet.microsoft.com/msonline
    • Service descriptions, developer guide, service level agreement, migration/deployment guides and tools and other technical information and blogs
    • Security white paper: http://go.microsoft.com/fwlink/?LinkID=125754&clcid=0x409
    • Privacy policy: http://www.microsoft.com/online/legal/MOS_Privacy_Statement_Full.htm
  • Thank You!