Tech Talk from Microsoft: IT Security Assessments

By Thomas Dawkins

How well do you know the security state of your IT infrastructure? Depending on where your organization is located and the nature of your company (for example, financial or healthcare related), your operation may be required to provide compliance reports to government agencies on the security posture of the IT infrastructure. The company may also have to provide proof of how it handles personally identifiable information (PII) and medical records per the requirements of the Health Insurance Portability and Accountability Act, or HIPAA. Noncompliance could result in fines and even jail time.

Setting assessment baselines and conducting annual security assessments are critical steps toward compliance. A security assessment needs to be easy to conduct but comprehensive. It should look for security vulnerabilities from the networking perimeter down to the data. It should help the organization identify security issues with laptops and other mobile devices that also access corporate resources. 

Large businesses have the resources they need to achieve these objectives. Not so with small and mid-sized businesses. Many small to mid-sized companies do not have dedicated security personnel and rely on their IT administrator to understand IT security. Moreover, that administrator generally has limited resources, making it difficult to purchase the complex reporting systems needed to meet the reporting requirements of various regulations.

Gaining access to proven and trusted security guidance is another issue that plagues small to mid-sized businesses. Understanding where and how to get information to help solve their security issues is a daunting task and adds another level of overhead for the small to mid-sized business IT administrator.

Recently, Microsoft released a new, free tool, the Microsoft Security Assessment Tool (MSAT), to help small to medium-sized businesses discover their IT security posture. MSAT is an easy-to-use tool that provides a 250-question IT security assessment focused on four primary areas: people, process, operations, and technology.

MSAT can help companies sustain their security posture through periodic assessments after their initial assessment baseline is created. It provides organizations with a list of proven recommendations that can be used to help prioritize, budget, and schedule remediation activities.

To learn more about Microsoft's Security Assessment Tool and download it for free, click here.



