IT Security at Microsoft Overview
Very, very cool doc.
From the document “Overview discussion on what the Microsoft Corporate Security group does to prevent malicious or unauthorized use of digital assets at Microsoft. This asset protection takes place through a formal risk management framework, risk management processes, and clear organizational roles and responsibilities. The basis of the approach is recognition that risk is an inherent part of any environment and that risk should be proactively managed. The principles and techniques described can be employed to manage risk at any organization. Other areas of corporate security, such as security in software design and physical security, are not covered.”
Available here.
InternetNews carries some commentary on the paper.
Comments
- Anonymous
May 18, 2004
This is very helpful, I often wondered "...How would Microsoft do it?..." - Anonymous
May 23, 2004
[Docs] ??????????????? - Anonymous
May 23, 2004
[Docs] ???????????????