Microsoft Security Response Center – Risk Assessment Model

Microsoft Security Response Center – Risk Assessment Model

Identify Context

 Threat Scenario: Bypass security architecture and access server’s operating system  Unwanted Incidents: Flaw in the product that makes it infeasible even when using the product properly to prevent an attacker from usurping privileges on the user’s system, regulating its operation, compromising data on it, or assuming ungranted trust.  Vulnerabilities: Different forms of vulnerability like viruses, worms, incorrectly-configured systems, passwords written on sticky pads The internet: This has posed the greatest threat to data security because of three main reasons; Scope, Anonymity and Reproducibility. Microsoft Security Response Centre is the core of Microsoft’s security infrastructure –  Goal: To protect users by eliminating security vulnerabilities whenever they are found in the Microsoft products or services.  Infrastructure: It has large product support area which takes care of user configuration issues, bugs, compatibility issues and so on.  Strategy: It has all the relevant product development teams which plunge into action once the threat is detected and treat it Risk Evaluation Process:  The first step is to determine if the reported problem is really a security threat. More than 90% of the problems get eliminated in this stage as they are due to user error or a failure to follow ‘best practices’.  The rest 10% which are classified as ‘potential risk’, are further analysed and formal investigation is opened.  Then the customer who reported the threat will be contacted and sent a tracking number in order to keep up to date with investigation  Next the affected product or service development will roped-in for help.  Final stage is to solve the problem through any one of the three ways, as mentioned in the strategy.  Consequences: User could input system commands and control the server’s operation. User can reformat server’s hard drive, change or modify web site content,...