For business leaders, it has never been more important to have a regular, open dialogue about security with IT staff.
And yet, many IT professionals are struggling to connect with their executive leaders about the need to build effective security controls to keep pace with business innovation. It’s a theme that I heard again in conversations with industry pros at the Cloud Security Alliance Congress in Orlando, Florida, earlier this month. More >>
A few months ago we launched the Microsoft Security Intelligence Report (SIR) application that was designed to provide customers with an enhanced way to access the vast amount of threat intelligence contained in the SIR. The SIR app makes it easy to find, copy and share data from the Microsoft Security Intelligence Report. The SIR app runs on Windows 7 and Windows 8 based systems. Read more
Microsoft’s Perspective on the NIST Preliminary Cybersecurity Framework: Four Recommendations for the Final Stages of Development
Last week, Microsoft filed comments with the National Institute of Standards and Technology (NIST) on the Preliminary Cybersecurity Framework, which can be read here. I wanted to share a summary of our perspective on the Framework, as well as our recommendations to NIST as they continue development for final publication in February 2014. These comments are a continuation of our efforts to encourage thoughtful consideration of the Framework through convening events at our Innovation and Policy Center, participating in NIST’s Framework workshops, and delivering prior comments on the Framework and recommendations for incentives for its adoption. Read more
In our data-rich world, there’s mounting concern that today’s privacy models and legislative frameworks are less effective in terms of protecting people’s privacy than when they were developed. It’s time to evolve our collective thinking about how societies can protect the privacy of individuals while providing for responsible, beneficial data use. More >>
Many of the IT Professionals that contact our customer service and support group have common questions related to security incidents and are seeking guidance on how to mitigate threats from determined adversaries. Given the level of interest in this information and common scenarios that exist amongst different organizations, we are publishing a multi-part series which will detail common security incidents organizations face and provide recommended mitigations based on guidance from our Security Support team.
It is important to note that each phase has one or more technical and, more importantly, administrative controls that could have been used to block or slow down the attack. These mitigations are listed after each phase. Each mitigation addresses specific behaviors and attack vectors that have been seen previously in multiple security incidents. Read more.
One of the things I enjoyed most about the CSA Congress was spending time with people in and around the technology industry and the cloud computing sector. One of the presenters at this year’s congress, held the first week of December in Orlando, Florida, was Philip Lieberman, President of Lieberman Software, a provider of identity management and security products and a Microsoft Gold Certified Partner.
During his plenary address, Philip announced that Lieberman Software’s privileged identity management (PIM) solution, Enterprise Random Password Manager™ (ERPM), is now available on Windows Azure. Later I enjoyed spending time with Philip one to one, learning more about this solution and his business. More >>