I was reading an interesting article: Forrester Pushes ‘Zero Trust’ Model For Security, where they mainly claim that you should not trust your internal network – something I am asking for since a long time. However, the conclusions Forrester and me are drawing are slightly different. John Kindervag – the person quoted in the article . . . → Read More: Is a “Zero-Trust” Model the Silver Bullet?
|
||||||
10 Years of Trustworthy Computing at MicrosoftBefore joining Microsoft a little bit more than 10 years ago, I ran a team at PricewarehoureCoopers on e-Business Risk Management – classical security consulting in the Internet bubble time. When I announced that I will leave PwC and join Microsoft, I got interesting reactions (and remember, this was 2001). Mainly they were along two lines: Oh, you are joining a desktop company? ... 
10 Reasons to migrate off Windows XPI would like you to sit back, close your eyes and think about the year 2001. Think about how you used technology back then, how you used the Internet. Now, let’s take it a little bit further back in history and think of the year 2000. Just after we realized that the Year-2000-Problem was handled very well by the industry. How you used technology, how you used the Internet, the ... 
Office 365 Becomes First and Only Major Cloud Productivity Service to Comply With Leading EU and U.S. Standards for Data Protection and SecurityA long title but this was the title of the official press statement yesterday. Compliance is always a key question in the public cloud space. Therefore it is very important for us that we now achieved three things: Office 365 is compliant with EU Model Clauses, Data Processing Agreements and ISO 27001 among other standards. Office 365 is the first and only major ... 
Cybersecurity–More than a good headlineA lot of governments all across the globe are working on starting, restarting or pushing their Cybersecurity initiative. What often concerns me is, that the last real headline has more impact on the strategy and the themes to be addressed than a structure or a plan or a strategy. This made us thinking about what is needed to run a successful Cybersecurity Agenda within a country? What themes ought to be ... 
It is an interesting and difficult question. What can we do to really be able to stay on top? Or shall we give up? Well, clearly, I do not think so. I read this article today, which really made me think: Black Hats are Winning, Symantec Says – wow! A fairly clear statement. We lost . . . → Read More: Are We Losing the Fight Against Cybercrime? I am convinced that there are workloads that can and should be moved to the Cloud: For security reasons as well as for economical reasons. E-Mail might well be the first one of them. There is a good post on that: Editor’s Note: Email, the Lowest-Hanging Fruit of the Cloud Roger This month it is pretty important to read the Security Research and Defense blog post: Assessing the risk of the August security updates It might help you to get an overview on the biggest release ever Roger You know my opinion on collaboration between countries, on public-private-partnerships as well as on collaboration between companies. Since quite a while we run a program called MAPP – the Microsoft Active Protections Program, where we share vulnerability information with security vendors to help them to get signatures out to our joint customers the moment we . . . → Read More: Microsoft and Adobe: Collaboration Against Threats I recently blogged about the Beta version of our Security Compliance Manger, helping you to manage the security baselines in your organization. There are some screenshots in the corresponding post: Making the Management of Security Compliance Easier! Now, we released the final version of it. It can be found here: Microsoft Security Compliance Manager Roger . . . → Read More: Microsoft Security Compliance Manager: Now available! I was recently pinged by a customer asking for the “real” version of this game. It was distributed at RSA in the US and I do not have any anymore – but you can still print it yourself. So, if you want to introduce SDL or if you introduced it already and want to . . . → Read More: Want to introduce the Security Development Lifecycle? Play a Game On February 24th we announced the work we did on taking down Waledac – read Tim Cranton’s blog post called Cracking Down on Botnets. Now it is time to look back and try to understand what we learned so far. sudosecure traces the Waledac infections and give a good view of new infections by the . . . → Read More: Results of Operation b49 (Botnet Takedown) To start with: I am an engineer not a lawyer – and this might be part of the problem… When I started to think about the Cloud and security and thought about all the work I do with Law Enforcement and the challenges they face. Additionally, I started to think about the legal challenges we . . . → Read More: Legal Challenges of International Business and the Cloud Our EMEA Security Program Manager, Henk van Roest, started this series internally and with his consent I am publishing it here in my blog as I think it contains a lot of great information for you to use. So far, in the first 4 chapters, we have addressed the usual excuses for not Managing Your . . . → Read More: Why it pays to be secure – Chapter 5 – I need tools! |
|
|||||
|
Copyright © 2012 Roger Halbheer on Security - All Rights Reserved |
||||||
