Microsoft hosts cybersecurity and privacy professionals for discussion about the Cybersecurity Framework

Last week, Microsoft’s Innovation & Policy Center in Washington, D.C. convened a distinguished group of cybersecurity and privacy professionals from across industry sectors for a panel discussion about the forthcoming Cybersecurity Framework, expected from the National Institute of Standards and Technology (NIST) in February 2014, and its implications for critical infrastructure organizations. 

I was pleased to participate as a panelist alongside:

  • Mark Clancy, CISO of the Depository Trust and Clearing Corporation
  • Trevor Hughes, President and CEO of the International Association of Privacy Professionals
  • Mike Kuberski, Chief Information Security Officer of Pepco Holdings
  • Larry Trittschuh, Executive Director for Threat Management, General Electric
  • Fred Cate, Indiana University Maurer School of Law, who served as moderator

Newer software can increase your computer security

RSA Europe 2013: Operational Security for Online Services

Today, at the RSA Conference Europe in Amsterdam, I gave a presentation on an important update to Microsoft’s security efforts – Operational Security Assurance (OSA). The design of a secure operations methodology is part of our ongoing commitment to enable trustworthy computing in all aspects of our online services, and OSA represents the next evolution of these efforts.

Since 2004, the Microsoft Security Development Lifecycle (SDL) has helped developers to build more secure software from the ground up. But the job doesn’t end there. Attacks do not necessarily target weaknesses in software. Some attacks are operational in nature, while others, like the Flame malware, target both software vulnerabilities and operational weaknesses. Defending cloud services against network attacks requires both strong development practices, like SDL, and a strong operational security regime. The following list includes a number of ways that OSA adds considerable value to the focus on infrastructure issues and operational security.

Microsoft Security Intelligence Report Volume 15 Now Available!

This morning, at the RSA Europe conference, Mike Reavey, General Manager for Trustworthy Computing, delivered a keynote in which he announced the release of the Microsoft Security Intelligence Report volume 15 (SIRv15). The Microsoft Security Intelligence Report is the most comprehensive cybersecurity threat intelligence report in the industry that analyzes and provides in-depth perspectives on exploits, vulnerabilities, and malware for more than 100 countries/regions worldwide. It is designed to provide prescriptive guidance which can help our customers manage risk and protect their assets.

In addition to many other key learnings, the report examines the security risks of running unsupported software and looks at the implications of using Windows XP once support, including security updates, ends on April 8, 2014. I encourage you to check out my post titled “New Cybersecurity Report Details Risk of Running Unsupported Software” on the Microsoft on the Issues blog, which discusses the data on this topic in greater detail for more information. To download the new Security Intelligence Report, please visit www.microsoft.com/sir.

Getting Seniors in the Game

A New Era of Operational Security in Online Services

Tomorrow I will have the opportunity to keynote at the RSA Conference Europe and discuss the work I’ve been involved with overseeing Operational Security for Microsoft Online Services. This is a topic that I am deeply passionate about and as Microsoft’s investment in the OneMicrosoft initiative becomes a primary focus of my work in the coming years.

Safer is sweeter

Kids and Internet safety: What’s the right age?

How do I update my computer?

Advancing the Discussion on Cybersecurity Norms

Posted by Matt Thomlinson, general manager, Trustworthy Computing

Last week I participated in the Seoul Conference on Cyberspace 2013, where I spoke on a panel on capacity building, and also participated in the ICT4Peace Foundation’s special session at the conference.

During the capacity-building panel, I discussed how over the next six years, another two billion users will come online, basically doubling the Internet population. The majority of these users will be from emerging economies, who will still be bringing large portions of their populations online. But with the ability to realize the social and economic benefits of cyberspace also comes a new challenge: cybersecurity is necessary to sustain confidence and growth.
