|
||||||
10 Years of Trustworthy Computing at MicrosoftBefore joining Microsoft a little bit more than 10 years ago, I ran a team at PricewarehoureCoopers on e-Business Risk Management – classical security consulting in the Internet bubble time. When I announced that I will leave PwC and join Microsoft, I got interesting reactions (and remember, this was 2001). Mainly they were along two lines: Oh, you are joining a desktop company? ... 
10 Reasons to migrate off Windows XPI would like you to sit back, close your eyes and think about the year 2001. Think about how you used technology back then, how you used the Internet. Now, let’s take it a little bit further back in history and think of the year 2000. Just after we realized that the Year-2000-Problem was handled very well by the industry. How you used technology, how you used the Internet, the ... 
Office 365 Becomes First and Only Major Cloud Productivity Service to Comply With Leading EU and U.S. Standards for Data Protection and SecurityA long title but this was the title of the official press statement yesterday. Compliance is always a key question in the public cloud space. Therefore it is very important for us that we now achieved three things: Office 365 is compliant with EU Model Clauses, Data Processing Agreements and ISO 27001 among other standards. Office 365 is the first and only major ... 
Cybersecurity–More than a good headlineA lot of governments all across the globe are working on starting, restarting or pushing their Cybersecurity initiative. What often concerns me is, that the last real headline has more impact on the strategy and the themes to be addressed than a structure or a plan or a strategy. This made us thinking about what is needed to run a successful Cybersecurity Agenda within a country? What themes ought to be ... 
To me, one of the benefits of moving to the Cloud is security – obviously besides availability and costs. Recent incidents made me doubt: Amazon not only having significant downtime but in the same time losing customer data. Sony’s game network being significantly compromised. This is definitely not to blame them but I was heavily . . . → Read More: Cloud computing providers: Clueless about security? Fairly often I am asked whether the Security Guides for our products still exist. The good news is: They do. The bad news is: They are called differently The previously stand-alone Microsoft product-specific security guides are now included within the Microsoft Security Compliance Manager (SCM) tool, which I blogged about several times already (e.g. . . . → Read More: Rediscover Microsoft Security Guides This is one of the rare more private posts on this blog and this time has nothing to do with security at all. Since ages one singer was always part of my wife’s and my live: Chris de Burgh. And even if it is uncool in our kid’s world, they love him and his songs . . . → Read More: Chris de Burgh: People of the World Stand Up for Freedom A few years ago, I wanted to run an exercise with our incident response team in Switzerland. A customer, the government and me came together to develop the goals and the scenario. One of the key question we tried to answer together with the university, which we wanted to use as observers was, whether we . . . → Read More: Mutual Authentication in Real Life–Launching a Nuclear Missile… A while ago we released the Microsoft Security Update Guide to explain how we release security updates and how you should/could work with our updates. It encompasses these themes: Get to know the security update release process Learn how to evaluate risk See how to mitigate security risks Understand how quickly you need to apply . . . → Read More: Microsoft Security Update Guide, Second Edition I just read this article on Google pulling 50 applications from their Android marketplace (Google uses remote delete to remove Android apps from smartphones – Update). A very good decision as these apps leverage an exploit to access user data. However, what made me think is that they removed the applications from the devices. This . . . → Read More: Is Remote-Application-Removal Acceptable? Do you know the feeling? You should share a large file with somebody outside your organization. The file is too big to be sent by e-mail. What can you do? Well, you might have a service by internal IT (we have one) which is not really user-friendly, hard to use and – as you do . . . → Read More: Aligning Security with the Business The world got small, didn’t it? This afternoon I decided to leave home early and go to the mountains. However, I had some conference calls tonight, where we usually use Lync (successor of Communicator). So, as I do not have a fixed line there, I dialed in with my 3G card, which gave me . . . → Read More: The New World of Work There are some high-level indsutry trends, which tend to be ignored by security officers. The CIO Central published an article, which I would even go further looking at the trends raised. . . . → Read More: Are You Focused On The Wrong Security Risks? As attacks are moving up the stack, PDF becomes the number 1 exploited file type. Make sure you patch all your applications . . . → Read More: Attacks on Application Level |
|
|||||
|
Copyright © 2012 Roger Halbheer on Security - All Rights Reserved |
||||||
