The handbook is for security professionals and auditors

DQI Bureau
New Update

Can you throw some light on the security handbook released by Microsoft in

partnership with PricewaterhouseCoopers? What was the driver behind it?

This is a handbook for security professionals and auditors, aimed at

providing guidance to the auditors and the financial institutions when it comes

to assessing and evaluating security risks and the adequacy of the risk

management exercise being undertaken by the organization. We have customized the

banking security audit guidelines released by Reserve Bank of India to specific

technology platforms.


But, why the focus on the financial sector?

The banks and financial institutions have been the epitome of trust. One

reposes trust in them. And, when these organizations are using technology,

including IT, they need to ensure that whatever they are doing is secured and

trustful. There was feedback from our customers and partners that while they are

using a lot of IT systems, they dont know how to secure according to the best

manner and the best practices that are there.

So, is it relevant only for the banking and financial sector?

The fact is that the banking regulations by RBI mandate certain things. Then

there is the whole trust factor and high stakes involved. Besides, this sector

is usually ahead in terms of technology. Therefore, BFSI will be at the

forefront in terms of usage. But, while the security handbook is for the

financial sector, and the prompt for this came from the needs of the banking and

financial services industry, it can be equally relevant in the other industries

as well. Therefore, the handbook for the BFSI sector is not restricted. It can

be very well used in other organizations as well.

Which are the Microsoft products covered in the handbook?

The handbook includes all the key controls that should be reviewed during a

systems review for three key Microsoft Platforms: Windows Desktop Operating

Systems, Windows Server Operating Systems, and SQL Server Database incorporating

various versions. We see it as a step toward simplifying our technology and as a

value add for our customers. The feedback from the users has been very


Shipra Malhotra