Consumerization of IT–How to address this
Bring Your Own Device or Consumerization of IT are fairly hot themes in a lot of customer organizations. When I talk to customers, there are typically different reactions once we bring this up. Some tell us that it is not part of their strategy; some tell us that they plan to do it but that they have a hard time figuring out how to secure such an environment; very, very ...
10 Years of Trustworthy Computing at Microsoft
Before joining Microsoft a little bit more than 10 years ago, I ran a team at PricewaterhouseCoopers on e-Business Risk Management – classical security consulting in the Internet bubble time. When I announced that I will leave PwC and join Microsoft, I got interesting reactions (and remember, this was 2001). Mainly they were along two lines: Oh, you are joining a desktop company? ...
10 Reasons to migrate off Windows XP
I would like you to sit back, close your eyes and think about the year 2001. Think about how you used technology back then, how you used the Internet. Now, let’s take it a little bit further back in history and think of the year 2000. Just after we realized that the Year-2000-Problem was handled very well by the industry. How you used technology, how you used the Internet, the ...
Office 365 Becomes First and Only Major Cloud Productivity Service to Comply With Leading EU and U.S. Standards for Data Protection and Security
A long title but this was the title of the official press statement yesterday. Compliance is always a key question in the public cloud space. Therefore it is very important for us that we now achieved three things: Office 365 is compliant with EU Model Clauses, Data Processing Agreements and ISO 27001 among other standards. Office 365 is the first and only major ...
By Roger Halbheer, on October 14th, 2008
Cool title, isn’t it? And you really read this post? Well then: We announced yesterday at PDC that we now will name the next version of Windows as we code named it: Windows 7!
So, you can read Mike Nash’s blog post about that: http://windowsvistablog.com/blogs/windowsvista/archive/2008/10/13/introducing-windows-7.aspx
Roger
By Roger Halbheer, on October 14th, 2008
As you know (at least I hope that you do) we introduced Network Access Protection with Windows Server 2008. Thomas Shinder now published an article on WindowsSecurity.com about how to implement NAP and IPSec and Domain Isolation via Group Policies. It is a first part of a very good step-by-step guide:
Read More: Deploying IPsec Server and Domain Isolation using Windows Server 2008 Group Policy
By Roger Halbheer, on October 13th, 2008
It is still something people love to blog about: User Account Control. It is one of the most discussed features in Windows Vista.
Now, our engineering team published a blog about the learnings and a few things about what we are going to do in Windows 7 based on the learnings:
http://blogs.msdn.com/e7/archive/2008/10/08/user-account-control.aspx
Read More: User Account Control and What We Learned
By Roger Halbheer, on October 11th, 2008
You probably know them: The 10 Immutable Laws of Security, we published I think around 2000 and they were often cited. They are:
Law #1: If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore
Law #2: If a bad guy can alter the operating . . .
Read More: Challenging the 10 Immutable Laws of Security
By Roger Halbheer, on October 11th, 2008
If you are looking into deploying Network Access Protection, have a look at the recently published Network Access Protection Design Guide.
Roger
By Roger Halbheer, on October 10th, 2008
It happens pretty often but this time it seems to be wider spread than normal as our traffic with regards to this issue is higher than usual: There is a mail circulating pretending that it is coming from Steve Lipner here at Microsoft telling you to install the attached update (see the mail below).
Read More: Once Again: A Scam using Microsoft’s Name to Install Malware
By Roger Halbheer, on October 10th, 2008
Following the attacks on Estonia, they published a pretty interesting paper called Cyber Security Strategy by the Ministry of Defense in Estonia. One thing which I see again and again is that most of the people looking into such strategies conclude that strong collaboration is needed between the different players as well as across country . . .
Read More: Estonia’s Cyber Security Strategy
By Roger Halbheer, on October 8th, 2008
SAFECode just released a new paper called Fundamental Practices for Secure Software Development. This is a collaboration of different people from different companies (SAP, EMC, Symantec, Juniper, Nokia and Microsoft).
As you probably know, SAFECode is a Forum to share good practices around development of secure software. It is about learning from each other . . .
Read More: SAFECode released “Fundamental Practices for Secure Software Development”
By Roger Halbheer, on October 8th, 2008
This is completely new but end of September we published the version 3 of the documentation on the Common Criteria certification for Windows XP SP2 and Windows Server 2003 R2 SP2. Read this in Tim Myer’s Blog: Version 3.0 of Windows XP and Windows Server 2003 Guidance Documentation Released
Roger
By Roger Halbheer, on October 5th, 2008
It goes on and on and on: Read this one: Judge Suppresses Report on Voting Machine Security
Roger