{"id":401860,"date":"2010-03-07T17:26:00","date_gmt":"2010-03-07T21:26:00","guid":{"rendered":"tag:blogger.com,1999:blog-7196788127833928948.post-1844036610933196040"},"modified":"2010-03-07T17:26:00","modified_gmt":"2010-03-07T21:26:00","slug":"accelerating-security-assessment-with-ms-security-assessment-tool","status":"publish","type":"post","link":"https:\/\/mereja.media\/index\/401860","title":{"rendered":"Accelerating Security Assessment with MS Security Assessment Tool"},"content":{"rendered":"<p>When working on a security assessment, it is always helpful to use an automated tool that compares the key elements to the known best practices, and generates an overview result set.<br \/>Among other tools which can be used, Microsoft has released a tool titled <a href=\"http:\/\/technet.microsoft.com\/en-us\/security\/cc185712.aspx\">Microsoft\u00ae Security Assessment Tool.<\/a><br \/><a onblur=\"try {parent.deselectBloggerImageGracefully();} catch(e) {}\" href=\"http:\/\/2.bp.blogspot.com\/_Hu1rpxRsqcU\/S5QwZfa-SZI\/AAAAAAAAAf0\/uYKBINZRcaI\/s1600-h\/security_assessment.jpg\"><img decoding=\"async\" style=\"margin: 0pt 0pt 10px 10px; float: right; cursor: pointer; width: 157px; height: 200px;\" src=\"http:\/\/2.bp.blogspot.com\/_Hu1rpxRsqcU\/S5QwZfa-SZI\/AAAAAAAAAf0\/uYKBINZRcaI\/s200\/security_assessment.jpg\" alt=\"\" id=\"BLOGGER_PHOTO_ID_5446031063887268242\" border=\"0\" \/><\/a><br \/>The assessment of this tool strives to identify the business risk of the organization and the security measures deployed to mitigate risk.<br \/>The assessment takes the form of a questionnaire, with Yes\/No answers that cover the following areas<a onblur=\"try {parent.deselectBloggerImageGracefully();} catch(e) {}\" href=\"http:\/\/2.bp.blogspot.com\/_Hu1rpxRsqcU\/S5QwZfa-SZI\/AAAAAAAAAf0\/uYKBINZRcaI\/s1600-h\/security_assessment.jpg\"><\/a><\/p>\n<ul>\n<li><span style=\"font-weight: bold;\">Infrastructure <\/span>&#8211; Infrastructure security collects information on how the networks function, what business processes (internal or external) it supports, how hosts are built and deployed, and how the network are managed and maintained.<\/li>\n<li><span style=\"font-weight: bold;\">Applications <\/span>&#8211; Applications security reviews applications within the organization and assess them from a security and availability standpoint. It examines technologies used within the environment, and reviews the high level procedures an organization can follow to help mitigate application risk<\/li>\n<li><span style=\"font-weight: bold;\">Operations and People <\/span>&#8211; This section reviews those processes within the enterprise governing corporate security policies, Human Resources processes, and employee security awareness and training. It also focuses on dealing with security as it relates to day-to-day operational assignments and role definitions.<\/li>\n<\/ul>\n<p>The resulting comparison to best practices generates a summary report, as well as much more useful detailed report with areas which are lacking in comparison to the best practices. The report contains a lot of suggestions and links to related products and best practices published by Microsoft.<\/p>\n<p><a onblur=\"try {parent.deselectBloggerImageGracefully();} catch(e) {}\" href=\"http:\/\/4.bp.blogspot.com\/_Hu1rpxRsqcU\/S5QtS8LiU2I\/AAAAAAAAAfc\/HmtUlCVM0FI\/s1600-h\/MS_Assessment_Tool_Summary_Assessment.jpg\"><img decoding=\"async\" style=\"margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 320px; height: 150px;\" src=\"http:\/\/4.bp.blogspot.com\/_Hu1rpxRsqcU\/S5QtS8LiU2I\/AAAAAAAAAfc\/HmtUlCVM0FI\/s320\/MS_Assessment_Tool_Summary_Assessment.jpg\" alt=\"\" id=\"BLOGGER_PHOTO_ID_5446027652813181794\" border=\"0\" \/><\/a><br \/>The MS Security Assessment Tool and it&#8217;s report isn&#8217;t a replacement for a full blown analysis, nor it can be a used as a one stop shop for a realistic security analysis. When performing a real analysis, an in-depth review of process and technology is needed.<br \/><span class=\"blsp-spelling-error\" id=\"SPELLING_ERROR_0\">MSAT<\/span> is just a helpful tool to generate a security posture overview and some automated <span class=\"blsp-spelling-corrected\" id=\"SPELLING_ERROR_1\">recommendations<\/span>, so it is a nice start. For everything else, you will need to bring in expert professionals.<\/p>\n<p><span class=\"blsp-spelling-error\" id=\"SPELLING_ERROR_2\">Talkback<\/span> and comments are most welcome<\/p>\n<p>Related posts<br \/><a href=\"http:\/\/www.shortinfosec.net\/2008\/12\/wmi-scanning-excellent-security-tool.html\"><span class=\"blsp-spelling-error\" id=\"SPELLING_ERROR_3\">WMI<\/span> Scanning &#8211; Excellent Security Tool<\/a><br \/><a href=\"http:\/\/www.shortinfosec.net\/2009\/11\/risk-assessment-with-microsoft-threat.html\">Risk Assessment with Microsoft Threat Assessment &amp; Modeling<\/a><br \/><a href=\"http:\/\/www.shortinfosec.net\/2008\/07\/googles-ratproxy-web-security-tool-for.html\"><span class=\"blsp-spelling-error\" id=\"SPELLING_ERROR_4\">Google&#8217;s<\/span> <span class=\"blsp-spelling-error\" id=\"SPELLING_ERROR_5\">Ratproxy<\/span> Web Security Tool for Windows<\/a><br \/><a href=\"http:\/\/www.shortinfosec.net\/2009\/11\/analysis-of-windows-security-logs-with.html\">Analysis of Windows Security Logs with MS Log Parser<\/a><br \/><a href=\"http:\/\/www.shortinfosec.net\/2009\/11\/how-to-malicious-web-site-analysis.html\">How To &#8211; Malicious Web <span class=\"blsp-spelling-error\" id=\"SPELLING_ERROR_6\">SIte<\/span> Analysis Environment<\/a><\/p>\n<div class=\"blogger-post-footer\"><img width='1' height='1' src='https:\/\/blogger.googleusercontent.com\/tracker\/7196788127833928948-1844036610933196040?l=www.shortinfosec.net' alt='' \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/feeds.feedburner.com\/~r\/shortinfosec\/~4\/Olbk9o1tpGc\" height=\"1\" width=\"1\"\/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>When working on a security assessment, it is always helpful to use an automated tool that compares the key elements to the known best practices, and generates an overview result set.Among other tools which can be used, Microsoft has released a tool titled Microsoft\u00ae Security Assessment Tool.The assessment of this tool strives to identify the [&hellip;]<\/p>\n","protected":false},"author":5679,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-401860","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts\/401860","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/users\/5679"}],"replies":[{"embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/comments?post=401860"}],"version-history":[{"count":0,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts\/401860\/revisions"}],"wp:attachment":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/media?parent=401860"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/categories?post=401860"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/tags?post=401860"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}