Free software spots business security gaps

16 Nov 2005

Microsoft Ireland has launched a free self-assessment reporting tool to help businesses identify gaps they may have in their IT security.

Called the Microsoft Security Assessment Tool (MSAT), the software can be downloaded free of charge from It provides an automated survey to evaluate potential security risks a company faces under a series of headings: infrastructure, applications, operations and people. The tool is intended for companies of 1,000 employees or less.

The Microsoft Security Assessment is an interactive session that uses the MSAT and includes an onsite questionnaire. According to Microsoft, the assessment provides a customer with a broad overview of its company and IT organisation and provides a clearly defined map to becoming more secure through prioritised activities, solutions and prescriptive guidance.

The questions and the recommendations that the tool offers are based on internationally recognised IT security standards such as ISO 17799 and NIST-800.x, as well as recommendations and prescriptive guidance from both Microsoft and external security sources.

Based on the responses to the survey, the company receives a free report that details any weaknesses that may exist as well as giving recommendations specific to business issues that were raised in the assessment. These include best practice advice on measures that the company can take to improve the security of its information and resources.

The tool only collects generic information that can’t be used to identify a company: it simply lists company size and industry, along with scores in particular areas, which is then used to compare customers with all other participants or with other participants in the same industry sector. The data is also used to benchmark and compare a customer’s results over time. This data is not collected unless the respondent replies with answers to the survey.

Mike Hughes, security programme manager with Microsoft Ireland, commented: “There are many elements to corporate security from keeping IT systems up to date to instigating appropriate internal procedures and practices to minimise the probability of a security incident. The key is awareness. This tool helps companies to understand the various different elements in building and maintaining a secure business environment.”

Last month Microsoft revealed details about upcoming security software releases for business customers, including a desktop protection tool as well as antivirus and anti-spyware applications for its Exchange messaging platform. The company also sponsored this week’s Make IT Secure initiative, a public awareness campaign aimed at raising the profile of the need for good IT security.

By Gordon Smith