Microsoft’s Free Security Tools – A Deeper Look at XSS Attacks and Microsoft’s free Anti-Cross-Site Scripting Library
Three key objectives of information security are to maintain the confidentiality, integrity and availability of an organization’s information. Most of the conversations I have with security professionals seem to revolve around the confidentiality and integrity of data. The topic of availability is typically broached only in discussions regarding DDOS attacks or Hackvitism. But more and more of the security professionals I have been talking to lately have been interested in topics related to reliability and availability; as their organizations adopt cloud services, more people seem to be interested in these topics.
When I write “availability” I mean that information and services can readily be accessed with a high level of Quality of Service.
Fewer than 15 percent of U.S. undergraduates are pursuing degrees in science and engineering. U.S. math and science test scores lag those of other nations, chiefly China and India. U.S. high schools are falling behind the rest of the world in computer science, and too few women and minorities are employed in science, technology, engineering and math (STEM) fields.
STEM subjects are arguably the foundation of our global economic future. Such skills are essential for almost any job, and are certainly imperative for nations to compete in an evolving marketplace. Indeed, STEM expertise likely holds the key to daunting global challenges, such as healthcare, hunger, poverty, and climate change. The U.S. Labor Department projects that by 2014, the U.S. will have more than two million job openings in STEM fields. The bottom line is: Will we be able to fill them?
Just a few weeks ago I had the honor of presenting a keynote at the Cloud Security Alliance (CSA) Congress 2012 in Orlando, Florida. My talk focused on the cloud security themes and topics that have been top of mind for Chief Information Security Officers (CISOs) and other security professionals that I have been talking to about cloud security.
Several trends have been influencing the ways security professionals have been thinking about the roles that Information Technology (IT) plays in their organizations and how associated risks are managed. The consumerization of IT, Big Data, the evolution of consumer privacy, targeted attacks, governments’ roles in cybersecurity, are all influencing conversations about IT and cloud computing.
I was fortunate to join privacy regulators and practitioners from around the world last week in Brussels to kick off our latest @Microsoft Conversations in Privacy panel discussion and deliver a keynote at the IAPP European Data Protection Congress. Head over to the Microsoft on the Issues blog where I share insights from my trip and highlight how this kind of engagement with privacy stakeholders helps Microsoft deliver the strong privacy protections customers expect.