OSP214
SECURITY PRIVACY RELIABILITY & SERVICE CONTINUITY COMPLIANCE
Compliance Management Information Security Policy Security Privacy & Regulatory Privacy & Regulatory Service Continuity
Microsoft Confidential
Security Management
Threat & Vulnerability Management, Monitoring & Response
Network perimeter: Edge Routers, Firewalls, Intrusion Detection, Vulnerability scanning
Internal Network: Dual-factor Auth, Intrusion Detection, Vulnerability scanning
Host: Access Control & Monitoring, Anti-Malware, Patch & Config Mgmt
Application: Secure Engineering (SDL), Access Control & Monitoring, Anti-Malware
Data: Access Control & Monitoring, File/Data Integrity
User: Account Mgmt, Training & Awareness, Screening
Facility: Physical controls, video surveillance, Access Control
Strategy: employ a risk-based, multi-dimensional approach to safeguarding services and data
Microsoft believes that delivering secure software requires:
Executive commitment
Ongoing Process Improvements
SDL a mandatory policy at Microsoft since 2004
Technology and Process
Education
Accountability
ISO SAS 70 Type I (BPOS-S) SAS 70 Type II (BPOS-D) Services (BPOS and FOPE) ISO SAS 70 Type II Data Centers Safe Harbor Microsoft
Business Rules for protecting information and systems which store and process information
System or procedural specific requirements that must be met
Step by step procedures
A process or system to assure the implementation of policy
Secondary mailbox with separate quota
Appears in Outlook and Outlook Web App
Automated and time-based criteria
Set policies at item or folder level
Expiry date shown in message
EWS Support
Capture deleted and edited messages
Offers single item restore
Notify user on hold
Web-based UI
Search primary, archive, and recoverable items
Delegate through roles-based admin
Annotate content
De-duplication after discovery
Alert sender about possible risks or policy violations
Option of customized MailTips
MailTips
Inspect both messages and attachments
Apply controls to all sent and received
Delegate through roles-based admin
Apply IRM automatically
Access messages in OWA, EAS
Decrypt protected messages to enable search, filtering, journaling, transport rules
Protect sensitive voic
Extend access to partners
Transport Rules
IRM Integration