October 28, 2004

The Security Risk Management Guide

I forgot to mention this last week, but was just reminded about it.

Microsoft has released a guide that helps customers of all types plan, build, and maintain a successful security risk management program. In a four-phase process, the guide explains how to conduct each phase of a risk management program and how to build an ongoing process to measure and drive security risks to an acceptable level.

Although I haven't read it in detail yet, what I saw looked pretty good. I like seeing educational pieces like this; they are informative, to the point and pretty much vendor-agnostic. (i.e., not MS rah rah, but real infosec guidance)

You will also find a lot of good reference links supporting their research. Always a good thing(tm).

Happy reading!

Posted by SilverStr at October 28, 2004 01:19 PM
Comments

Dana, the Guide is only available to registered .NET Passport Users. I refuse to register with Passport for security and data protection reasons.
MS has once again found an effective way of keeping unwanted people out.
Just one more reason for me to evade them wherever possible.

Posted by: Axel at October 29, 2004 12:35 AM

Do you know http://securityguidance.com/?

The Microsoft Security Risk Self-Assessment for Midsize Organizations

Download the Microsoft Security Risk Self-Assessment Tool (MSRSAT) and install it on your computer to obtain information and recommendations about best practices to help enhance security within your information technology (IT) infrastructure.

This application is designed to help organizations with fewer than 1,000 employees assess weaknesses in their current IT security environment. It will help identify processes, resources, and technologies that are designed to promote good security planning and risk mitigation practices within your organization.

I'm testing it. It's a complement to The Security Risk Management Guide.

Regards

Posted by: Javier Cao Avellaneda at November 4, 2004 12:26 AM