Information Security

A community of information security resources.

The Microsoft IT’s Information Security (InfoSec) group is responsible for information security risk management at Microsoft. We concentrate on information protection as well as enterprise business continuity planning. Our mission is to accelerate secure and reliable business for Microsoft, partners and customers. InfoSec is comprised of professionals of various disciplines including architects, developers, program managers, technologists and analysts.

Featured Stories

	Technical Dependency Analysis Each technical layer needs to have its own recovery time objective.
	Business Continuity Management The goal should be to create and maintain operational resiliency.

	Using the Business Impact Analysis Provides qualitative & quantitative measures in the event of a disruption.
	CAT.NET Configuration Analysis Engine A significant update in v2.0 with the goal to identify vulnerabilities at all layers.

More Channel 9 Videos >
More Edge Videos >

Recently

	How to Run CAT.NET 2.0 CTP This new version includes a command line tool for now; learn how to use it.
	How to Configure WPL 1.0 SRE It now includes a SQL Injection Detection module, learn how to configure SRE.
	InfoSec's A&P The suite is made up of a technology stack of protection & assessment tools.
	New Versions for Security Tools 3 new Community Tech Previews (CTP) for web developers ready for download!
	Dogfooding: Product Influence Looking at what risk might look like in the future is key.

How-Do-I Videos & Webcasts

	How to Use the Web Protection Library New! Known as Anti-XSS Library, a CSS encoding sample & SRE demo is shown.
	Identify & Fix Config Issues with WACA New! Quick demo of a scanned machine, explanation of results and mapping to TFS.
	Detecting & Mitigating Using CAT.NET New! Thur, Feb 25, 2010 1:00PM Pacific Learn how the tool includes FxCop security rules among new features. Register
	Sanitize HTML with Anti-XSS Library 3.1 This is using a new feature in the new version of the library. Learn to use it.
	SQL Server 2008 Policy Management Learn how this feature allows creation of policies on a SQL server instance.

InfoSec Blogs

Tools

Web Protection Library (WPL) CTP
New! Known as Anti-XSS Library, this is a more complete suite including mitigation for SQL injection, CSRF, etc.
Web App Configuration Analyzer (WACA) CTP
New! Scans the development environment against .NET best practices
CAT.NET CTP
New! CTP for download
Code analysis tool release version
Connected Information Security Framework
Framework for custom security solutions
Risk Tracker
Captures and tracks risks
neXpert
Performance Analysis tool
Visit Blog
Threat Analysis & Modeling
Application Threat Modeling

ACE Services

Learn here how we can help you enable secure and reliable business for your company.