I already blogged a few times on MSAT (the Microsoft Security Assessment Tool). We just released a new version for it, version 4.
For those of you who do not know MSAT: MSAT is a free (stress: free) Risk Assessment Tool mainly targeted a Small and Medium Businesses to get a good understanding of their Business Risks vs. their IT Risks. So, it shows not only (as so often) the need where you should do more but also, where you basically invested more in security than your business actually needed.
If you look at the tool it looks by itself completely re-designed (which it is):
The reports themselves have proven to be very helpful for our customers. Therefore they are not that different but slightly improved. However, it is now easier to save them (Word and XPS):
Business Risk Profile vs. Defense in Depth IndexÂ
Prioritized Action List
It is definitely worth looking at the tool
You can find it here