The Security Development Lifecycle is in no way synonymous with Microsoft's entire span of efforts designed to bulletproof its software products and consumer environments. An illustrative example of this is the Microsoft Security Assessment Tool 4.0. Built as the evolution of Microsoft Security Risk Self-Assessment Tool (MSRSAT) dating back to 2004 and that of the Microsoft Security Assessment Tool 2.0 dropped in 2006, the Security Assessment Tool 4.0 is a free download which will integrate seamlessly with Windows Vista, Windows XP, Windows Server 2008 and Windows Server 2003 in order to evaluate the level of risk in an IT infrastructure and provide the necessary best practices data and guidance.

“The tool employs a holistic approach to measuring your security posture by covering topics across people, process, and technology. Findings are coupled with prescriptive guidance and recommended mitigation efforts, including links to more information for additional industry guidance. These resources may assist you in keeping you aware of specific tools and methods that can help change the security posture of your IT environment. There are two assessments that define the Microsoft Security Assessment Tool: Business Risk Profile Assessment and Defense in Depth Assessment,” revealed Keith Combs, Microsoft Technical Evangelist.

The Redmond company is using both internal and third party resources in order to deliver information and recommendations designed to secure IT infrastructure. In this context, Microsoft’s Trustworthy Computing Group is tapped as a source of guidance, in addition to standards including ISO 17799 and NIST-800.x. Microsoft indicated that only security resources valued in the industry are leveraged by the tool.

“After completing an Assessment, you will gain access to a detailed report of your results. You may also compare your results with those of your peers (by industry and company size), provided that you upload your results anonymously to the secure MSAT Web server,” Combs added. “When you upload your data the application will simultaneously retrieve the most recent data available. To be able to provide this comparative data, we need customers such as you to upload their information. All information is kept strictly confidential and no personally identifiable information whatsoever will be sent.”

Security Assessment Tool 4.0 is available for download here.