OSP214 SECURITY PRIVACY COMPLIANCE RELIABILITY & SERVICE CONTINUITY Information Security Policy Security Privacy & Regulatory Service Continuity Compliance Management.
Download ReportTranscript OSP214 SECURITY PRIVACY COMPLIANCE RELIABILITY & SERVICE CONTINUITY Information Security Policy Security Privacy & Regulatory Service Continuity Compliance Management.
OSP214 SECURITY PRIVACY COMPLIANCE RELIABILITY & SERVICE CONTINUITY Information Security Policy Security Privacy & Regulatory Service Continuity Compliance Management 3 Microsoft Confidential 4 Strategy: employ a risk-based, multi-dimensional approach to safeguarding services and data Security Management Threat & Vulnerability Management, Monitoring & Response Data Access Control & Monitoring, File/Data Integrity User Account Mgmt, Training & Awareness, Screening Application Host Internal Network Network perimeter Facility Secure Engineering (SDL), Access Control & Monitoring, Anti-Malware Access Control & Monitoring, Anti-Malware, Patch & Config Mgmt Dual-factor Auth, Intrusion Detection, Vulnerability scanning Edge Routers, Firewalls, Intrusion Detection, Vulnerability scanning Physical controls, video surveillance, Access Control 5 Microsoft believes that delivering secure software requires Executive commitment SDL a mandatory policy at Microsoft since 2004 Education Technology and Process Ongoing Process Improvements Accountability Services (BPOS and FOPE) Data Centers Microsoft • ISO 27001 • SAS 70 Type I (BPOS-S) • SAS 70 Type II (BPOS-D) • ISO 27001 • SAS 70 Type II • Safe Harbor 7 • • • • Solution • • 8 9 10 11 12 13 14 Microsoft Confidential 15 Business Rules for protecting information and systems which store and process information A process or system to assure the implementation of policy System or procedural specific requirements that must be met Step by step procedures 16 17 18 Microsoft Confidential 19 • • • • • • • • 20 21 22 • Secondary mailbox with separate quota • Appears in Outlook and Outlook Web App • Automated and time- • Capture deleted and based criteria • Set policies at item or folder level • Expiry date shown in email message edited email messages • Search primary, archive, and recoverable items • Offers single item restore • Notify user on hold • EWS Support • Web-based UI • Delegate through roles-based admin • Annotate content • De-duplication after discovery MailTips • Alert sender about possible risks or policy violations • Option of customized MailTips Transport Rules • Inspect both messages and attachments • Apply controls to all email sent and received • Delegate through rolesbased admin IRM Integration • Apply IRM automatically • Access messages in OWA, EAS • Decrypt protected messages to enable search, filtering, journaling, transport rules • Protect sensitive voicemail • Extend access to partners www.microsoft.com/online http://office365.microsoft.com http://blogs.technet.com/msonline http://www.facebook.com/MicrosoftOnlineServices http://www.youtube.com/user/msonlineservices http://twitter.com/msonline