R U Secure? Are your customers secure? Here’s how to know…

Back on 6/30, I did a post around the 3.1 release of the Microsoft Assessment and Planning Solution Accelerator (MAP), and I hope many of you explored that great tool.  I’ve recently been reminded that we have another great Assessment Tool that I want to highlight and encourage you to explore as well – the Microsoft Security Assessment Tool (MSAT).  As the MSAT webpage states: “The Microsoft Security Assessment Tool (MSAT) is a free tool designed to help organizations like yours assess weaknesses in your current IT security environment, reveal a prioritized list of issues, and help provide specific guidance to minimize those risks.”

Like all solution accelerators, it’s free, but unlike MAP this tool has no software component (although MAP is agentless). Instead, it basically gives you over 200 questions (covering infrastructure, applications, operations, and people) that will help you do a holistic evaluation of the overall security risk as well as the mitigations (aka defense in depth) of your infrastructure. MSAT will help you build a Business Risk Profile (BRP) as well as a Defense-in-Depth Index (DiDI), and then help you do an analysis.

In addition to the BRP and DiDI, MSAT’s holistic approach also helps you analyze the “Security Maturity” of the organization. And then, to top it all off, risk management recommendations are suggested for your environment that consider existing technology deployment, current security posture, and defense-in-depth strategies. All of this, of course, is based on commonly accepted best practices, standards such as ISO 17799 and NIST-800.x, as well as recommendations and prescriptive guidance from Microsoft’s Trustworthy Computing Group and other external security sources.

Although the tool is designed for “mid-sized” organizations (50-1000 desktops), I’m sure my many small-business focused partners could adapt the questions and concepts presented in this tool to their customer space as well. If I’ve interested you in exploring this tool, here’s the link to more information and the download. If I haven’t quite convinced you, you can also check out the subsequent link, an MCP Magazine article by Greg Shields, which he ends with the following quote (and it’s a good quote for me to end with too): “this tool gives the security administrator as well as the IT technical manager the fodder they need to determine exactly where the holes are in their environment. Considering Microsoft makes this tool available for no cost, it's worth an hour of your time.”

Microsoft Security Assessment Tool

Security That Looks Good on Paper

Published Thursday, August 07, 2008 9:01 PM by ronaldg
