There is a free tool available on Microsoft’s Web site called the Microsoft Security Risk Assessment Tool. It is designed to assess the security of mid-sized organization with less than 1,000 employees.

Microsoft also has another free tool called the Microsoft Security Baseline Analyzer. This tool directly scans your computer and identifies missing service packs; misconfigurations such as blank passwords and no account lockout policy, and so on. The Security Risk Assessment Tool, on the other hand, is a questionnaire that you fill out. Your responses are then processed to evaluate your organization’s security practices. The security risk assessment looks at the following different areas:

• Business Risk Profile
• Perimeter Defense
• Authentication
• Management and Monitoring
• Workstations
• Deployment and Use
• Application Design
• Data Storage and Communications
• Environment
• Security Policy
• Backup and Recovery
• Patch and Update Management
• Requirements and Assessments
• Policies and Procedures
• Training and Awareness

Once you complete the questionnaire, you will immediately be able to view your results. The results will provide you with a full-length report that outlines your company’s security position. You will also be able to compare your results against others in your industry. The report will also provide you with recommendations and resources on achieving industry-recognized best security practices. Visit here to find out more about this security tool and how it can help your business achieve a more secure environment.