At Microsoft, the security of our customers' networks, business servers, end-user computers, mobile devices and data assets are a top priority. For most organisations, strengthening the security of your computing environment and your business is best achieved through an approach incorporating, People, Process and Technology.

• People: Employees should be trained and made aware of security policies and how security applies to their daily job activities so that they do not inadvertently expose the company to greater risks.
• Processes: The security of an organisation is dependent on the operational procedures, processes and guidelines that are applied to the environment. They enhance the security of an organisation by including more than just technology defenses. Accurate environment documentation and guidelines are critical to govern, support and maintain the security of the environment.
• Technology: Perimeter defense addresses security at network borders, where your internal network connects to the outside world. Rigorous authentication procedures for users, administrators and remote users help prevent outsiders from gaining unauthorised access to the network through the use of local or remote attacks. Secure application development methodologies are key to ensuring that in-house or contracted developed applications address security threat models that could leave an organisation
  open to exploits.

See the presentations from the Microsoft Pillar Room at Infosecurity 2008.