SECURITY PRIVACY RELIABILITY & SERVICE CONTINUITY
COMPLIANCE
Slide 3
Compliance Management
Information Security Policy
Security
Privacy & Regulatory
Service Continuity
Slide 4
4 Microsoft Confidential
Slide 5
Security Management: Threat & Vulnerability Management, Monitoring & Response
Network perimeter: Edge Routers, Firewalls, Intrusion Detection, Vulnerability scanning
Internal Network: Dual-factor Auth, Intrusion Detection, Vulnerability scanning
Host: Access Control & Monitoring, Anti-Malware, Patch & Config Mgmt
Application: Secure Engineering (SDL), Access Control & Monitoring, Anti-Malware
Data: Access Control & Monitoring, File/Data Integrity
User: Account Mgmt, Training & Awareness, Screening
Facility: Physical controls, video surveillance, Access Control
Strategy: employ a risk-based, multi-dimensional approach to safeguarding services and data
Slide 6
Microsoft believes that delivering secure software requires:
Executive commitment
Ongoing Process Improvements
SDL a mandatory policy at Microsoft since 2004
Technology and Process
Education
Accountability
Slide 7
Services (BPOS and FOPE): ISO 27001, SAS 70 Type I (BPOS-S), SAS 70 Type II (BPOS-D)
Data Centers: ISO 27001, SAS 70 Type II
Microsoft: Safe Harbor
Slide 16
Business Rules for protecting information and systems which store and process information
System or procedural specific requirements that must be met
Step-by-step procedures
A process or system to assure the implementation of policy
Slide 23
Secondary mailbox with separate quota
Appears in Outlook and Outlook Web App
Automated and time-based criteria
Set policies at item or folder level
Expiry date shown in email message
EWS Support
Capture deleted and edited email messages
Offers single item restore
Notify user on hold
Web-based UI
Search primary, archive, and recoverable items
Delegate through roles-based admin
Annotate content
De-duplication after discovery
Alert sender about possible risks or policy violations
Option of customized MailTips
MailTips
Inspect both messages and attachments
Apply controls to all email sent and received
Delegate through roles-based admin
Apply IRM automatically
Access messages in OWA, EAS
Decrypt protected messages to enable search, filtering, journaling, transport rules
Protect sensitive voicemail
Extend access to partners
Transport Rules
IRM Integration