I just finished delivering at webcast on Security Risk management. As promissed here is the Q&A log, not very many questions on this Friday afternoon.


Question: Kai says "GO GET THIS GUIDE: Security Risk Management Guide v 1.2"

Answer: http://www.microsoft.com/downloads/details.aspx?FamilyID=c782b6d3-28c5-4dda-a168-3e4422645459&displaylang=en

Question: Where is a god place to start learning about Security and Microsoft Products?

Answer: Here is the base Microsoft Security Site on the web.... --- http://www.microsoft.com/security/default.mspx

Question: I have heard there is a tool that I can use to scan local and remote machines in my domain for missing security updates, hot fixes and patches. What’s is that tool?

Answer: That tool is the Microsoft Baseline Security Analyzer. You can read more about it and download it here ---- http://www.microsoft.com/technet/security/tools/mbsahome.mspx

Question: I have also heard that Microsoft has a FREE, server based patch management system. Where can I find information about that?

Answer: That is WSUS - Windows Server Update Services -- You can read about and download here ----- http://www.microsoft.com/windowsserversystem/updateservices/default.mspx

Question: Another great tool....the MS Security Assessment Tool.....text based tool for starting a risk assessment...great for business gurus!

Answer: https://www.securityguidance.com/

Question: Are there any security resources specifically for ITPros?

Answer: Yes! Check out the Technet Security Center --- http://www.microsoft.com/technet/Security/default.mspx

Question: What about for developers?

Answer: Yes again! For developers, check out the MSDN Security Center --- http://msdn.microsoft.com/security/