The tests carried out for service hardening within Microsoft online services can be grouped into four general categories: Microsoft continuously assesses its own systems for vulnerabilities, and contracts with various independent, external experts who do the same. Microsoft works with various industry bodies and security experts to understand new threats and evolving trends. We also have dedicated security training articles published throughout the year for the security community across Microsoft and specialized to Microsoft online services regularly. This training varies by need of the team and employee, but includes things like industry conferences, internal Microsoft Security conferences, and external training courses through well-known security training vendors in the industry. Lastly, the security team members themselves get specialized training and conference participation that relates directly to security. In addition, some service teams and roles may go through specialized security training as needed. Some Microsoft online service environments and operator roles may also require full fingerprinting, citizenship requirements, government clearance requirements, and other more stringent controls. The background checks are mandatory for all employees working within Microsoft engineering. Any other security focus areas that may be relevant each yearĮach employee working on Microsoft online services is subject to an appropriate and thorough background check that includes the candidate's education, employment, criminal history, and other specific information per United States regulations like Health Insurance Portability and Accountability Act (HIPAA), International Traffic in Arms Regulations (ITAR), Federal Risk and Authorization Management Program (FedRAMP), and others.The responsibility of everyone to report security incidents, and how to do so.Any changes made to the standard operating procedures in the preceding year.The annual refresher training focuses on: The appropriate employees receive refresher training on security annually. Any other relevant security areas (as needed). Where to find additional information about security and privacy, and escalation contacts.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |