Curated by: Luigi Canali De Rossi

Sunday, March 21, 2004

Microsoft Shares Its Security Procedures

Microsoft has released a technical case study of its internal security procedures, in which it spells out a three-pronged approach to thwarting malicious hacker attacks and urges enterprise admins to spend more time anticipating and preventing attacks. The case study includes several best practice recommendations for IT admins, including:

a) The creation of a risk model for the enterprise to pinpoint potential risk areas and the probability and impact of a compromise to each area.

b) Plans to determine what is worth risking and what must be fixed. "Doing nothing is an option if the risk probability or impact is low."

c) The development of a library of risk-rated vulnerabilities, used during scanning to verify whether known vulnerabilities are present, and the documentation of technologies and the resources (people and devices) that have access to those technologies.

d) Management of the vulnerabilities by notifying users and forcing a patch or disconnecting the vulnerable system from the network.



posted by Robin Good on Sunday, March 21 2004, updated on Tuesday, May 5 2015

This work is licensed under a Creative Commons License.



