CISO's guide to Microsoft Secure Score
18 Oct 2019
(this post will be updated with new tips and tricks, and when changes happen on Secure Score)
Microsoft offers a scoring website for the IT security status of its cloud services, called Secure Score. Secure Score (https://security.microsoft.com/securescore) lists the steps to take to enhance security.
Secure Score gives IT and CISOs a target for enhancing security.
My advice is to set a KPI on the Secure Score as a total (and increase this KPI each year), and to set individual KPIs on the following topics:
- Identity (at least 60%)
- Devices (at least 60%)
- Infrastructure

And keep improving on the KPIs.
There is no need to skip items, as Secure Score lets you mark items as “resolved by third party”. Implement a procedure to regularly check whether all these skipped items are still valid.
The major downside is that only the Microsoft Cloud part is scored, leaving the (old) on-premises environment and other vendors aside.
Another downside (fixed in February 2020) was that there were “unscored” items; however, these have now all been removed from the Secure Score site.
Last updated: February 2020