At FIRST in Vancouver the formation of the Industry Consortium for Advancement of Security on the Internet (ICASI) was announced (I love abbreviations J). This consortium addresses in my opinion an important challenge of today’s incident response which is cross-vendor collaboration. A lot of threats and incidents in today’s world are having an impact on . . . → Read More: Improvement in Incident Response: ICASI launched
|
||||||
10 Years of Trustworthy Computing at MicrosoftBefore joining Microsoft a little bit more than 10 years ago, I ran a team at PricewarehoureCoopers on e-Business Risk Management – classical security consulting in the Internet bubble time. When I announced that I will leave PwC and join Microsoft, I got interesting reactions (and remember, this was 2001). Mainly they were along two lines: Oh, you are joining a desktop company? ... 
10 Reasons to migrate off Windows XPI would like you to sit back, close your eyes and think about the year 2001. Think about how you used technology back then, how you used the Internet. Now, let’s take it a little bit further back in history and think of the year 2000. Just after we realized that the Year-2000-Problem was handled very well by the industry. How you used technology, how you used the Internet, the ... 
Office 365 Becomes First and Only Major Cloud Productivity Service to Comply With Leading EU and U.S. Standards for Data Protection and SecurityA long title but this was the title of the official press statement yesterday. Compliance is always a key question in the public cloud space. Therefore it is very important for us that we now achieved three things: Office 365 is compliant with EU Model Clauses, Data Processing Agreements and ISO 27001 among other standards. Office 365 is the first and only major ... 
Cybersecurity–More than a good headlineA lot of governments all across the globe are working on starting, restarting or pushing their Cybersecurity initiative. What often concerns me is, that the last real headline has more impact on the strategy and the themes to be addressed than a structure or a plan or a strategy. This made us thinking about what is needed to run a successful Cybersecurity Agenda within a country? What themes ought to be ... 
We just released Windows Server 2008 Hyper-V to manufacturing. You can find more information on our Virtualization Page Roger A question I often get is “How does Microsoft solve the problem x in their IT?” (e.g. How does Microsoft do Patch Management). These questions are usually directed towards MSIT (Microsoft IT as we call it) and not towards Microsoft as a vendor. I guess you know that we have a site called IT . . . → Read More: Deploying Forefront Client Security at Microsoft Our Chief Security Advisor in Italy spent quite some time to collect a list of web-pages and blogs with regards to Microsoft and Security. If you are looking for something, go there and find it Jhttp://blogs.technet.com/feliciano_intini/pages/microsoft-blogs-and-web-resources-about-security.aspx Roger I just wanted to make sure that you have seen the Advisory (Rise in SQL Injection Attacks Exploiting Unverified User Data Input) where we added some additional information. This is especially important as we did not “only” publish guidance but tools as well: Detection – HP Scrawlr (a free scanner from HP) Defense – . . . → Read More: New Information on SQL Injection Attacks I am very proud for the product team to tell you that Windows Vista Bitlocker™ completes FIPS 140-2 certification. If you are interested, you find the according certificate here. Roger There seems to be some problems deploying the latest security updates with System Center Configuration Manager 2007 to SMS 2003 Agents. If you have any challenges with that or need more information, please see the just published advisory System Center Configuration Manager 2007 Blocked from Deploying Security Updates Roger Often, when I talk to security people, they are telling me that if they would have more budget and money available, the problem would be much lower. Now, I have been in Qatar last week, one of the richest countries in my region. If you look at the GDP per capita (which is mainly . . . → Read More: Money talks in Security – Does it? A question that was often raised after the launch of Windows Server 2008 was about Server Core and our Security Bulletins: How do you know whether a Server Core installation needs updating as well? We just added a statement to our Security Bulletins this month answering this question. As an example in MS08-036 we state . . . → Read More: Server Core in our Security Bulletins I am in Qatar at the moment at the Doha Information Security Conference. They actually have a very interesting setup as they only have very short presentations (about 5-10 minutes) of approx. 2 people and from there on they are working with a panel discussion on the topic during the rest of the hour. As . . . → Read More: Are we talking about the right things? |
|
|||||
|
Copyright © 2012 Roger Halbheer on Security - All Rights Reserved |
||||||
