OSP214 SECURITY PRIVACY COMPLIANCE RELIABILITY & SERVICE CONTINUITY Information Security Policy Security Privacy & Regulatory Service Continuity Compliance Management.

Download Report

Transcript OSP214 SECURITY PRIVACY COMPLIANCE RELIABILITY & SERVICE CONTINUITY Information Security Policy Security Privacy & Regulatory Service Continuity Compliance Management.

OSP214
SECURITY
PRIVACY
COMPLIANCE
RELIABILITY & SERVICE CONTINUITY
Information Security Policy
Security
Privacy &
Regulatory
Service
Continuity
Compliance Management
3
Microsoft Confidential
4
Strategy: employ a risk-based, multi-dimensional approach to safeguarding services and data
Security Management
Threat & Vulnerability Management, Monitoring & Response
Data
Access Control & Monitoring, File/Data Integrity
User
Account Mgmt, Training & Awareness, Screening
Application
Host
Internal Network
Network perimeter
Facility
Secure Engineering (SDL), Access Control & Monitoring, Anti-Malware
Access Control & Monitoring, Anti-Malware, Patch & Config Mgmt
Dual-factor Auth, Intrusion Detection, Vulnerability scanning
Edge Routers, Firewalls, Intrusion Detection, Vulnerability scanning
Physical controls, video surveillance, Access Control
5
Microsoft believes that delivering secure software requires Executive commitment
SDL a mandatory policy at Microsoft since 2004
Education
Technology and Process
Ongoing Process Improvements
Accountability
Services
(BPOS and FOPE)
Data
Centers
Microsoft
• ISO 27001
• SAS 70 Type I (BPOS-S)
• SAS 70 Type II (BPOS-D)
• ISO 27001
• SAS 70 Type II
• Safe Harbor
7
•
•
•
•
Solution
•
•
8
9
10
11
12
13
14
Microsoft Confidential
15
Business Rules for protecting information and systems
which store and process information
A process or system to assure the implementation of
policy
System or procedural specific
requirements that must be met
Step by step procedures
16
17
18
Microsoft Confidential
19
•
•
•
•
•
•
•
•
20
21
22
• Secondary mailbox
with separate quota
• Appears in Outlook
and Outlook Web
App
• Automated and time-
• Capture deleted and
based criteria
• Set policies at item or
folder level
• Expiry date shown in
email message
edited email
messages
• Search primary,
archive, and
recoverable items
• Offers single item
restore
• Notify user on hold
• EWS Support
• Web-based UI
• Delegate through
roles-based admin
• Annotate content
• De-duplication after
discovery
MailTips
• Alert sender about
possible risks or policy
violations
• Option of customized
MailTips
Transport Rules
• Inspect both messages and
attachments
• Apply controls to all email
sent and received
• Delegate through rolesbased admin
IRM Integration
• Apply IRM automatically
• Access messages in OWA, EAS
• Decrypt protected messages to
enable search, filtering,
journaling, transport rules
• Protect sensitive voicemail
• Extend access to partners
www.microsoft.com/online
http://office365.microsoft.com
http://blogs.technet.com/msonline
http://www.facebook.com/MicrosoftOnlineServices
http://www.youtube.com/user/msonlineservices
http://twitter.com/msonline