Andrea Valboni National Technology Officer Public Sector Microsoft Italy

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Andrea Valboni National Technology Officer Public Sector Microsoft Italy"

Transcription

1 Andrea Valboni National Technology Officer Public Sector Microsoft Italy CRITIS Frascati, 15 Ottobre 2008

2 Evolving Security Threat Landscape Trustworthy Computing Vision Addressing Security Threats Public Private Partnership

3 Where are threats heading next?

4 Within 1 day Within 2 hours 2 days prior Within 10 days Within 2 days Same day Within 38 days Within 3 days Within 3 days Within 7 days Within 11 days

5 Viruses, Spyware and Worms Botnets and Rootkits Phishing and Fraud Regulatory Compliance Development & Implementation Security Policies Reporting and Accountability Identity Management and Access Control Managing Remote Access Security Risk of Unmanaged PCs Deploying Security Updates System Identification and Configuration Security Policy Enforcement

6 Local Area Networks First PC virus Boot sector viruses Create notoriety or cause havoc Slow propagation 16-bit DOS Internet Era Macro viruses Script viruses Create notoriety or cause havoc Faster propagation 32-bit Windows Broadband prevalent Spyware, Spam Phishing Botnets Rootkits Financial motivation Internet wide impact 32-bit Windows Hyper jacking Peer to Peer Social engineering Application attacks Financial motivation Targeted attacks 64-bit Windows

7 Exponential Growth of IDs Identity and access management challenging Increasingly Sophisticated Malware Anti-malware alone is not sufficient Number of Digital IDs client/server Internet B2E mobility B2C B2B Number of variants from over 7,000 malware families (1H07) mainframe Pre-1980s 1980s 1990s 2000s Source: Microsoft Security Intelligence Report (January June 2007) Crime On The Rise Attacks Getting More Sophisticated Traditional defenses are inadequate National Interest Personal Gain Personal Fame Curiosity Largest segment by $ spent on defense Largest area by $ lost Thief Trespasser Vandal Largest area by volume Author Spy Fastest growing segment User GUI Applications Drivers O/S Hardware Physical Examples Spyware Rootkits Application attacks Phishing/Social engineering Script-Kiddy Amateur Expert Specialist

8 Major sections cover Software Vulnerability Disclosures Software Vulnerability Exploits Malicious Software and Potentially Unwanted Software Privacy and Security Breach Notifications

9 Malicious Software and Potentially Unwanted Software Data from several hundred million computers MSRT has a user base of 450+ million unique computers During 2H07 MSRT executed 2.5 billion times Since January 2005 total MSRT executions surpass 10 billion

10 More than 2,700 new vulnerabilities disclosed in 2H07 2H07 had the lowest number of disclosures since 2H05 Total vulnerabilities for 2007 lower than 2006 Industry-wide vulnerability disclosures by half-year, Industry-wide vulnerability disclosures by year,

11 900 security breach notifications, 12 countries Exploits, malware and hacking less than 23 percent of all notifications from , only 13 percent during 2H07 Breaches in 2H07 involved proportionally fewer hacking incidents than the last eight years as a whole 57% of breaches in 2H07 resulted from lost or stolen equipment Security breach incidents by type, H07, and 2H07 alone, expressed as percentages of the total Data sourced from the Data Loss Database at

12

13

14 Trustworthy Computing Vision

15 Predictable, Commitment, consistent, Microsoft responsive to customer-centric Security service centric Response Microsoft Interoperability Center Privacy (MSRC) Guidelines Maintainable,, easy Microsoft Automated configure Malware and Policy manage Protection based for developing solutions Center Software (MMPC) and Services Resilient, Recognized, works despite Secure changes industry leader, Windows Microsoft, world-class Initiative Data (SWI) partner Governance Framework Recoverable,, easily restored Open, Security transparent Science Managing and Protecting Proven,, ready to operate Personal Information Secure against attacks Protects confidentiality, TWC integrity and availability of data and systems Announced SDL begins Windows Server 2003 Build solutions that protect privacy Microsoft Online Crash Analysis Interop Vendor Alliance SQL Server 2005 Safe guard your corporate data Engineering Excellence Training and Guidelines Visual Studio 2005 Open Source Software Lab Protect Personal Privacy Microsoft Online Services with high Windows reliability Server Windows Transparent Practices in multiple data centers Windows 2003 SP1 Defender Windows (SDL, Vista Codeplex, etc.) Windows Vendor Engagement and Windows Hardware Quality Lab XP SP2 Malicious SW Windows Office 2007 Server 2008 Business Continuity explicitly designed DSI Launched Removal Tool in with prescriptive Live OneCare guidance Forefront SQL Server 2008

16

17 At Microsoft, we believe that delivering secure software requires Executive commitment SDL a mandatory policy at Microsoft since 2004 Core training Analyze security and privacy risk Define quality gates Threat modeling Attack surface analysis Specify tools Enforce banned functions Static analysis Dynamic/Fuzz testing Verify threat models/attack surface Response plan Final security review Release archive Response execution Ongoing Process Improvements 6 month cycle

18 First Year of Vulnerabilities* 2007* Vulnerabilities Fixed One Year After Release* Vulnerabilities disclosed and fixed Quarterly totals, ** 2006** *Source: **Source: Which database is more secure? Oracle vs. Microsoft, David D Litchfield, NGS Software, 21-November November-2006

19 Framework for Data Governance

20 Policy, People, Processes (and Technology)

21 No common identity management model No desktop or server standards, many images, no management standards Federated Identity Management across org. and platform boundaries Automated IT management, dynamic resource usage No networks and security standards Automated security and network management Adhoc protection of key data End to end data protection and disaster recovery Adhoc, reactive Proactive, Optimize cost & quality, End-to to-end service & policy management

22 Global Phishing Enforcement Initiative Digital PhishNet Global Infrastructure Alliance for Internet Safety Virus Information Alliance

23 I+4A Identity Claims Authentication Authorization Access Control Mechanisms Audit Trusted Data Trusted People Trusted Software Trusted Hardware Integrated Protection

24 Economic Forces Political/ Legislative Core Security Components Trusted Stack Identity Claims Authentication Authorization Access Control Mechanisms Audit I+4A Social Requirements Secure Foundation SDL and SD3 Integrated Protection Defense in Depth Threat Mitigation

25 A well Managed Secure Infrastructure is the key! Services Edge Fo re fro nt Edge er s Servlication A pp St irl in gm an ag em en t Enc ryp ting F i le Syst BitL em ock ( EF S er ) Server Applications d t an S n e i Cl ver O Ser Active Directory Federation Services (ADFS) Operations Manager 2007 Information Protection Client and Server OS Identity & Access Management Certificate Lifecycle Management Mobile Device Data Manager 2008 Protection Configuration Manager Manager 2007 Systems Management TWC SDL

26 Initiatives in Italy during 2007

27 La scuola ricomincia navigando (School starts again. Surfing) A pilot project for a single local municipality (Comune di Roma) with the following format: The Rome municipality send mail with project presentation to all the schools managers in Rome (kids aged 11-13) proposing them 1. One day of Classroom lessons by the local law enforcement agency (Polizia Postale e delle Comunicazioni) for all the students and the teachers using the Get Net Safe deck for presentation 2. Specific teacher training (Partner in Learning train the trainer with Microsoft security curricula) and resources to create classroom lessons 3. A contest for all the classroom involved (video production) 4. Materials for kids and parents to be distributed to all the participants

28 Child Exploitation Tracking System is a unique software tool that helps protect children from exploitation online. It enables more effective identification and prosecution of offenders by allowing governments to store, search, share, and analyze evidence in child exploitation cases across police agencies As of June 2007, the Child Exploitation Tracking System has been deployed in seven countries and is being used by over 400 investigators worldwide. With it, law enforcement agencies can break down borders through collaboration and information sharing Polizia Postale is the Italian Partner for this world wide program

29 Computer Online Forensic Evidence Extractor (COFEE) Not to cause unnecessary input to the target machine Collect the volatile data including network, and memory information for investigation Documentation of execution flow for court presentation Backup passwords from the machine for future forensic purpose Reconnaissance Digital Forensics Relevancy Reliability

30 Security Cooperation Program Designed to help government CERT in defending critical infrastructure in the PA space from IT threats, through advanced information sharing on MS security bullettins, workshops and training. Ad hoc local programs to address unique requirements for a given Country Might include the creation of competence centers on IT security, citizen s security initiative, Public Protection.

31 Microsoft Security Home Page: Microsoft Trustworthy Computing: Microsoft Forefront: Infrastructure Optimization: Microsoft Security Assessment Tool: General Information: Microsoft Live Safety Center: safety.live.com Microsoft Security Response Center: Security Development Lifecycle: msdn.microsoft.com/security/sdl Get the Facts on Windows and Linux: Anti-Malware: Microsoft OneCare Live: beta.windowsonecare.com Microsoft Defender: Spyware Criteria: Guidance Centers: Security Guidance Centers: Security Guidance for IT Professionals: The Microsoft Security Developer Center: msdn.microsoft.com/security The Security at Home Consumer Site:

32 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

33

34 Windows Vista in % fewer vulnerabilities than Windows XP 74% fewer vulnerabilities than the next closest (Ubuntu) 47% fewer high severity vulnerabilities than the next closest (Red Hat) Source:

Scott Charney Corporate Vice President, Trustworthy Computing Microsoft Corporation

Scott Charney Corporate Vice President, Trustworthy Computing Microsoft Corporation Scott Charney Corporate Vice President, Trustworthy Computing Microsoft Corporation Social: Enabling a global village Economic: Easier, faster, cheaper commerce Political: Freer exchange of ideas Loss

More information

Kevin Dean Technology Strategist Education Southeast Microsoft Corporation

Kevin Dean Technology Strategist Education Southeast Microsoft Corporation Kevin Dean Technology Strategist Education Southeast Microsoft Corporation Security Exploits History The Threat landscape today Microsoft Security Development Lifecycle State of Security today Trends in

More information

Operating System Security

Operating System Security Operating System Security Klaus Schütz Windows OS Security Microsoft Redmond Before I start My VP love(d) me A frustrated friend 1 Agenda Evolution of Threats Client vs. Server Security Operating System

More information

Microsoft Security Intelligence Report volume 7 (January through June 2009)

Microsoft Security Intelligence Report volume 7 (January through June 2009) Microsoft Security Intelligence Report volume 7 (January through June 2009) Key Findings Summary Volume 7 of the Microsoft Security Intelligence Report provides an in-depth perspective on malicious and

More information

Microsoft Security Incident Response. Roberto Arbeláez Security Program Manager for LATAM Microsoft Corporation

Microsoft Security Incident Response. Roberto Arbeláez Security Program Manager for LATAM Microsoft Corporation Microsoft Security Incident Response Roberto Arbeláez Security Program Manager for LATAM Microsoft Corporation roberto.arbelaez@microsoft.com Agenda Microsoft Security Stakeholders Threat Landscape Security

More information

Securing the Cloud Infrastructure

Securing the Cloud Infrastructure EXECUTIVE STRATEGY BRIEF Microsoft recognizes that security and privacy protections are essential to building the necessary customer trust for cloud computing to reach its full potential. This strategy

More information

Microsoft s cybersecurity commitment

Microsoft s cybersecurity commitment Microsoft s cybersecurity commitment Published January 2015 At Microsoft, we take the security and privacy of our customers data seriously. This focus has been core to our culture for more than a decade

More information

Guidelines for Website Security and Security Counter Measures for e-e Governance Project

Guidelines for Website Security and Security Counter Measures for e-e Governance Project and Security Counter Measures for e-e Governance Project Mr. Lalthlamuana PIO, DoICT Background (1/8) Nature of Cyber Space Proliferation of Information Technology Rapid Growth in Internet Increasing Online

More information

How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz)

How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz) How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz) Domain.Local DC Client DomainAdmin Attack Operator Advise Protect Detect Respond

More information

Creating A Culture of Security and Privacy in the Digital Age. Dave Welsh Microsoft Corporation dmwelsh@microsoft.com

Creating A Culture of Security and Privacy in the Digital Age. Dave Welsh Microsoft Corporation dmwelsh@microsoft.com Creating A Culture of Security and Privacy in the Digital Age Dave Welsh Microsoft Corporation dmwelsh@microsoft.com Situation Computers worldwide: 663 million1 Web users worldwide, 2004: 719,334,756,

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

Elements to a Secure Environment Becoming Resilient Towards Modern Cyberthreats. Windows XP Support Has Ended Why It Concerns You

Elements to a Secure Environment Becoming Resilient Towards Modern Cyberthreats. Windows XP Support Has Ended Why It Concerns You Elements to a Secure Environment Becoming Resilient Towards Modern Cyberthreats Windows XP Support Has Ended Why It Concerns You Protect Detect Respond 1 02 Windows XP support has ended Windows XP support

More information

Transparency. Privacy. Compliance. Security. What does privacy at Microsoft mean? Are you using my data to build advertising products?

Transparency. Privacy. Compliance. Security. What does privacy at Microsoft mean? Are you using my data to build advertising products? Privacy Transparency What does privacy at Microsoft mean? Are you using my data to build advertising products? Where is my data? Who has access to my data? Compliance What certifications and capabilities

More information

Student Tech Security Training. ITS Security Office

Student Tech Security Training. ITS Security Office Student Tech Security Training ITS Security Office ITS Security Office Total Security is an illusion security will always be slightly broken. Find strategies for living with it. Monitor our Network with

More information

Managing Security Risks in Modern IT Networks

Managing Security Risks in Modern IT Networks Managing Security Risks in Modern IT Networks White Paper Table of Contents Executive summary... 3 Introduction: networks under siege... 3 How great is the problem?... 3 Spyware: a growing issue... 3 Feeling

More information

EXECUTIVE STRATEGY BRIEF. Securing the Cloud Infrastructure. Cloud. Resources

EXECUTIVE STRATEGY BRIEF. Securing the Cloud Infrastructure. Cloud. Resources EXECUTIVE STRATEGY BRIEF Securing the Cloud Infrastructure Cloud Resources 01 Securing the Cloud Infrastructure / Executive Strategy Brief Securing the Cloud Infrastructure Microsoft recognizes that trust

More information

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global

More information

Linux Technologies QUARTER 1 DESKTOP APPLICATIONS - ESSENTIALS QUARTER 2 NETWORKING AND OPERATING SYSTEMS ESSENTIALS. Module 1 - Office Applications

Linux Technologies QUARTER 1 DESKTOP APPLICATIONS - ESSENTIALS QUARTER 2 NETWORKING AND OPERATING SYSTEMS ESSENTIALS. Module 1 - Office Applications NETWORK ENGINEERING TRACK Linux Technologies QUARTER 1 DESKTOP APPLICATIONS - ESSENTIALS Module 1 - Office Applications This subject enables users to acquire the necessary knowledge and skills to use Office

More information

Public-Private Partnerships against cybercrime. Jean-Christophe Le Toquin Director Internet Safety Microsoft EMEA

Public-Private Partnerships against cybercrime. Jean-Christophe Le Toquin Director Internet Safety Microsoft EMEA Public-Private Partnerships against cybercrime Jean-Christophe Le Toquin Director Internet Safety Microsoft EMEA The need for Public Private Partnerships to fight cybercrime Evidence needed by police to

More information

Protecting Your Organisation from Targeted Cyber Intrusion

Protecting Your Organisation from Targeted Cyber Intrusion Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology

More information

Proven LANDesk Solutions

Proven LANDesk Solutions LANDesk Solutions Descriptions Proven LANDesk Solutions IT departments face pressure to reduce costs, reduce risk, and increase productivity in the midst of growing IT complexity. More than 4,300 organizations

More information

Education as a defense strategy. Jeannette Jarvis Group Program Manager PSS Security Microsoft

Education as a defense strategy. Jeannette Jarvis Group Program Manager PSS Security Microsoft Education as a defense strategy Jeannette Jarvis Group Program Manager PSS Security Microsoft Introduction to End User Security Awareness End User Security Awareness Challenges Understanding End User

More information

National Cyber Security Policy -2013

National Cyber Security Policy -2013 National Cyber Security Policy -2013 Preamble 1. Cyberspace 1 is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information

More information

The Security Development Lifecycle. Steven B. Lipner, CISSP SLipner@microsoft.com Senior Director Security Engineering Strategy Microsoft Corp.

The Security Development Lifecycle. Steven B. Lipner, CISSP SLipner@microsoft.com Senior Director Security Engineering Strategy Microsoft Corp. The Security Development Lifecycle Steven B. Lipner, CISSP SLipner@microsoft.com Senior Director Security Engineering Strategy Microsoft Corp. 2 Overview Introduction A look back Trustworthy Computing

More information

The Information Security Problem

The Information Security Problem Chapter 10 Objectives Describe the major concepts and terminology of EC security. Understand phishing and its relationship to financial crimes. Describe the information assurance security principles. Identify

More information

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available

More information

Michael Nowacki, CISSP - ISSAP. Security & Management Solutions Specialist Microsoft Canada Michael.Nowacki@Microsoft.com

Michael Nowacki, CISSP - ISSAP. Security & Management Solutions Specialist Microsoft Canada Michael.Nowacki@Microsoft.com Michael Nowacki, CISSP - ISSAP Security & Management Solutions Specialist Microsoft Canada Michael.Nowacki@Microsoft.com More advanced Application-oriented More frequent Profit motivated Too many point

More information

Data Sheet: Endpoint Security Symantec Protection Suite Enterprise Edition Trusted protection for endpoints and messaging environments

Data Sheet: Endpoint Security Symantec Protection Suite Enterprise Edition Trusted protection for endpoints and messaging environments Trusted protection for endpoints and messaging environments Overview Symantec Protection Suite Enterprise Edition creates a protected endpoint and messaging environment that is secure against today s complex

More information

Securing the Microsoft Cloud

Securing the Microsoft Cloud Securing the Microsoft Cloud Page 1 Securing the Microsoft Cloud Microsoft recognizes that trust is necessary for organizations and customers to fully embrace and benefit from cloud services. We are committed

More information

Evolving Threats and Attacks: A Cloud Service Provider s viewpoint. John Howie Senior Director Online Services Security and Compliance

Evolving Threats and Attacks: A Cloud Service Provider s viewpoint. John Howie Senior Director Online Services Security and Compliance Evolving Threats and Attacks: A Cloud Service Provider s viewpoint John Howie Senior Director Online Services Security and Compliance Introduction Microsoft s Cloud Infrastructure Evolution of Threats

More information

Data Sheet: Endpoint Security Symantec Endpoint Protection The next generation of antivirus technology from Symantec

Data Sheet: Endpoint Security Symantec Endpoint Protection The next generation of antivirus technology from Symantec The next generation of antivirus technology from Symantec Overview Advanced threat protection combines Symantec AntiVirus with advanced threat prevention to deliver an unmatched defense against malware

More information

Windows Embedded Security and Surveillance Solutions

Windows Embedded Security and Surveillance Solutions Windows Embedded Security and Surveillance Solutions Windows Embedded 2010 Page 1 Copyright The information contained in this document represents the current view of Microsoft Corporation on the issues

More information

Microsoft Technologies

Microsoft Technologies NETWORK ENGINEERING TRACK Microsoft Technologies QUARTER 1 DESKTOP APPLICATIONS - ESSENTIALS Module 1 - Office Applications This subject enables users to acquire the necessary knowledge and skills to use

More information

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and

More information

FORBIDDEN - Ethical Hacking Workshop Duration

FORBIDDEN - Ethical Hacking Workshop Duration Workshop Course Module FORBIDDEN - Ethical Hacking Workshop Duration Lecture and Demonstration : 15 Hours Security Challenge : 01 Hours Introduction Security can't be guaranteed. As Clint Eastwood once

More information

ZENworks Patch Management. Doc Hodges Opportunity Response Team Novell, Inc.

ZENworks Patch Management. Doc Hodges Opportunity Response Team Novell, Inc. ZENworks Patch Management Doc Hodges Opportunity Response Team Novell, Inc. Are you prepared for business continuity threats? Unstable, malfunctioning systems resulting from attacks by viruses, worms and

More information

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus Information Technology Engineers Examination Information Security Specialist Examination (Level 4) Syllabus Details of Knowledge and Skills Required for the Information Technology Engineers Examination

More information

Endpoint protection for physical and virtual desktops

Endpoint protection for physical and virtual desktops datasheet Trend Micro officescan Endpoint protection for physical and virtual desktops In the bring-your-own-device (BYOD) environment, protecting your endpoints against ever-evolving threats has become

More information

Understanding Anti-Malware Research and Response at Microsoft. An introduction to the Malware Protection Center

Understanding Anti-Malware Research and Response at Microsoft. An introduction to the Malware Protection Center Understanding Anti-Malware Research and Response at Microsoft An introduction to the Malware Protection Center Understanding Anti-Malware Research and Response at Microsoft An introduction to the Microsoft

More information

Injazat s Managed Services Portfolio

Injazat s Managed Services Portfolio Injazat s Managed Services Portfolio Overview Premium Managed Services to Transform Your IT Environment Injazat s Premier Tier IV Data Center is built to offer the highest level of security and reliability.

More information

Data Sheet: Endpoint Security Symantec Endpoint Protection The next generation of antivirus technology from Symantec

Data Sheet: Endpoint Security Symantec Endpoint Protection The next generation of antivirus technology from Symantec The next generation of antivirus technology from Symantec Overview Advanced threat protection combines Symantec AntiVirus with advanced threat prevention to deliver an unmatched defense against malware

More information

Loophole+ with Ethical Hacking and Penetration Testing

Loophole+ with Ethical Hacking and Penetration Testing Loophole+ with Ethical Hacking and Penetration Testing Duration Lecture and Demonstration: 15 Hours Security Challenge: 01 Hours Introduction Security can't be guaranteed. As Clint Eastwood once said,

More information

Microsoft Security Development Lifecycle for IT. Rob Labbé Application Consulting and Engineering Services roblab@microsoft.com

Microsoft Security Development Lifecycle for IT. Rob Labbé Application Consulting and Engineering Services roblab@microsoft.com Microsoft Security Development Lifecycle for IT Rob Labbé Application Consulting and Engineering Services roblab@microsoft.com The Reasons for Secure Software There are many threats to data and systems

More information

Best Practices for a BYOD World

Best Practices for a BYOD World Face Today s Threats Head-On: Best Practices for a BYOD World Chris Vernon CISSP, VTSP Security Specialist Agenda Mobile Threats Overview 2013 State of Mobility Survey Canada BYOD Best Practices 2 Mobile

More information

A Database Security Management White Paper: Securing the Information Business Relies On. November 2004

A Database Security Management White Paper: Securing the Information Business Relies On. November 2004 A Database Security Management White Paper: Securing the Information Business Relies On November 2004 IPLocks, Inc. 441-A W. Trimble Road, San Jose, CA 95131 USA A Database Security Management White Paper:

More information

Emerging Security Technological Threats

Emerging Security Technological Threats Emerging Security Technological Threats Jamie Gillespie Training and Education Team Leader, AusCERT About AusCERT Australia s national CERT Collect, monitor, advise on threats and vulnerabilities Incident

More information

Investigate and Resolve Vulnerability Reports. Microsoft Security Response Process. Building Relationships and Communications

Investigate and Resolve Vulnerability Reports. Microsoft Security Response Process. Building Relationships and Communications Investigate and Resolve Vulnerability Reports Staff public reporting alias Monitor security lists Single point of coordination and communications Microsoft Security Response Process Own and coordinate

More information

Endpoint protection for physical and virtual desktops

Endpoint protection for physical and virtual desktops datasheet Trend Micro officescan Endpoint protection for physical and virtual desktops In the bring-your-own-device (BYOD) environment, protecting your endpoints against ever-evolving threats has become

More information

Lectures 9 Advanced Operating Systems Fundamental Security. Computer Systems Administration TE2003

Lectures 9 Advanced Operating Systems Fundamental Security. Computer Systems Administration TE2003 Lectures 9 Advanced Operating Systems Fundamental Security Computer Systems Administration TE2003 Lecture overview At the end of lecture 9 students can identify, describe and discuss: Main factors while

More information

ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS

ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS The Internet Threat Landscape Symantec TM Dean Turner Director Global Intelligence Network Symantec Security

More information

McAfee Acquires NitroSecurity

McAfee Acquires NitroSecurity McAfee Acquires NitroSecurity McAfee announced that it has closed the acquisition of privately owned NitroSecurity. 1. Who is NitroSecurity? What do they do? NitroSecurity develops high-performance security

More information

Cyber- Attacks: The New Frontier for Fraudsters. Daniel Wanjohi, Technology Security Specialist

Cyber- Attacks: The New Frontier for Fraudsters. Daniel Wanjohi, Technology Security Specialist Cyber- Attacks: The New Frontier for Fraudsters Daniel Wanjohi, Technology Security Specialist What is it All about The Cyber Security Agenda ; Protecting computers, networks, programs and data from unintended

More information

Microsoft Update Management. Sam Youness Microsoft

Microsoft Update Management. Sam Youness Microsoft Microsoft Update Management Sam Youness Microsoft Microsoft s Areas of Focus for ICS Risk Management Secure Development Device and Network Security Identity and Access Management Operational Response Get

More information

IBM Endpoint Manager for Core Protection

IBM Endpoint Manager for Core Protection IBM Endpoint Manager for Core Protection Device control and endpoint protection designed to guard against malware and loss of sensitive data Highlights Delivers real-time endpoint protection against viruses,

More information

External Supplier Control Requirements

External Supplier Control Requirements External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must

More information

Securing the Microsoft Cloud

Securing the Microsoft Cloud Securing the Microsoft Cloud Securing the Microsoft Cloud Page 1 Securing the Microsoft Cloud Microsoft recognizes that trust is necessary for organizations and consumers to fully embrace and benefit from

More information

Defending against modern threats Kruger National Park ICCWS 2015

Defending against modern threats Kruger National Park ICCWS 2015 Defending against modern threats Kruger National Park ICCWS 2015 Herman Opperman (CISSP, ncse, MCSE-Sec) - Architect, Cybersecurity Global Practice Microsoft Corporation Trends from the field Perimeter

More information

Information Security Threat Trends

Information Security Threat Trends Talk @ Microsoft Security Day Sep 2005 Information Security Threat Trends Mr. S.C. Leung 梁 兆 昌 Senior Consultant 高 級 顧 問 CISSP CISA CBCP M@PISA Email: scleung@hkcert.org 香 港 電 腦 保 安 事 故 協 調 中 心 Introducing

More information

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft) 1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction

More information

Navigating the Waters of Incident Response and Recovery

Navigating the Waters of Incident Response and Recovery Navigating the Waters of Incident Response and Recovery Lee Kim, Esq. Tucker Arensberg, P.C. CERT Symposium: Cyber Security Incident Management for Health Information Exchanges June 26, 2013 2013 Lee Kim

More information

Microsoft Security Intelligence Report Volume 13

Microsoft Security Intelligence Report Volume 13 Microsoft Security Intelligence Report Volume 13 Tim Rains Director, Trustworthy Computing, Microsoft Jeff Jones Director, Trustworthy Computing, Microsoft Session ID: DSP-R33 Session Classification: Intermediate

More information

Technology Blueprint. Protect Your Email Servers. Guard the data and availability that enable business-critical communications

Technology Blueprint. Protect Your Email Servers. Guard the data and availability that enable business-critical communications Technology Blueprint Protect Your Email Servers Guard the data and availability that enable business-critical communications LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL 1 2 4 5 3 Security

More information

Total Defense Endpoint Premium r12

Total Defense Endpoint Premium r12 DATA SHEET Total Defense Endpoint Premium r12 Overview: Total Defense Endpoint Premium Edition r12 offers comprehensive protection for networks, endpoints and groupware systems from intrusions, malicious

More information

Cyber Security nei prodotti di automazione

Cyber Security nei prodotti di automazione Cyber Security nei prodotti di automazione Marco Biancardi, ABB SpA, Power System Division 11 dicembre 2013, Roma Why is it an issue? Isolated devices Point to point interfaces Proprietary networks Standard

More information

Implementing Security Update Management

Implementing Security Update Management Implementing Security Update Management Wayne Harris MCSE Senior Consultant Certified Security Solutions Business Case for Update Management When determining the potential financial impact of poor update

More information

RSA Solution Brief. RSA SecurID Authentication in Action: Securing Privileged User Access. RSA Solution Brief

RSA Solution Brief. RSA SecurID Authentication in Action: Securing Privileged User Access. RSA Solution Brief RSA SecurID Authentication in Action: Securing Privileged User Access RSA SecurID solutions not only protect enterprises against access by outsiders, but also secure resources from internal threats The

More information

The Value of Vulnerability Management*

The Value of Vulnerability Management* The Value of Vulnerability Management* *ISACA/IIA Dallas Presented by: Robert Buchheit, Director Advisory Practice, Dallas Ricky Allen, Manager Advisory Practice, Houston *connectedthinking PwC Agenda

More information

10 Potential Risk Facing Your IT Department: Multi-layered Security & Network Protection. September 2011

10 Potential Risk Facing Your IT Department: Multi-layered Security & Network Protection. September 2011 10 Potential Risk Facing Your IT Department: Multi-layered Security & Network Protection September 2011 10 Potential Risks Facing Your IT Department: Multi-layered Security & Network Protection 2 It s

More information

Windows Phone 8 Security Overview

Windows Phone 8 Security Overview Windows Phone 8 Security Overview This white paper is part of a series of technical papers designed to help IT professionals evaluate Windows Phone 8 and understand how it can play a role in their organizations.

More information

HP Security Assessment Services

HP Security Assessment Services HP Security Assessment Services HP Data Center Services Technical data Your corporate information and intellectual property are important assets that you want to protect from unauthorized users. Developing

More information

Trend Micro. Advanced Security Built for the Cloud

Trend Micro. Advanced Security Built for the Cloud datasheet Trend Micro deep security as a service Advanced Security Built for the Cloud Organizations are embracing the economic and operational benefits of cloud computing, turning to leading cloud providers

More information

HIPAA DATA SECURITY & PRIVACY COMPLIANCE

HIPAA DATA SECURITY & PRIVACY COMPLIANCE HIPAA DATA SECURITY & PRIVACY COMPLIANCE This paper explores how isheriff Cloud Security enables organizations to meet HIPAA compliance requirements with technology and real-time data identification. Learn

More information

The Key to Secure Online Financial Transactions

The Key to Secure Online Financial Transactions Transaction Security The Key to Secure Online Financial Transactions Transferring money, shopping, or paying debts online is no longer a novelty. These days, it s just one of many daily occurrences on

More information

Privilege Gone Wild: The State of Privileged Account Management in 2015

Privilege Gone Wild: The State of Privileged Account Management in 2015 Privilege Gone Wild: The State of Privileged Account Management in 2015 March 2015 1 Table of Contents... 4 Survey Results... 5 1. Risk is Recognized, and Control is Viewed as a Cross-Functional Need...

More information

Symantec Endpoint Protection

Symantec Endpoint Protection The next generation of antivirus technology from Overview Advanced threat protection combines AntiVirus with advanced threat prevention to deliver an unmatched defense against malware for laptops, desktops,

More information

CompTIA Security+ (Exam SY0-410)

CompTIA Security+ (Exam SY0-410) CompTIA Security+ (Exam SY0-410) Length: Location: Language(s): Audience(s): Level: Vendor: Type: Delivery Method: 5 Days 182, Broadway, Newmarket, Auckland English, Entry Level IT Professionals Intermediate

More information

Information Security Incident Management Guidelines

Information Security Incident Management Guidelines Information Security Incident Management Guidelines INFORMATION TECHNOLOGY SECURITY SERVICES http://safecomputing.umich.edu Version #1.0, June 21, 2006 Copyright 2006 by The Regents of The University of

More information

Woodcock-Johnson and Woodcock-Muñoz Language Survey Revised Normative Update Technical and Data Security Overview

Woodcock-Johnson and Woodcock-Muñoz Language Survey Revised Normative Update Technical and Data Security Overview Houghton Mifflin Harcourt - Riverside (HMH - Riverside) is pleased to offer online scoring and reporting for Woodcock-Johnson IV (WJ IV) and Woodcock-Muñoz Language Survey Revised Normative Update (WMLS-R

More information

Privilege Gone Wild: The State of Privileged Account Management in 2015

Privilege Gone Wild: The State of Privileged Account Management in 2015 Privilege Gone Wild: The State of Privileged Account Management in 2015 March 2015 1 Table of Contents... 4 Survey Results... 5 1. Risk is Recognized, and Control is Viewed as a Cross-Functional Need...

More information

Payment Card Industry Data Security Standard

Payment Card Industry Data Security Standard Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security

More information

IBM Endpoint Manager Product Introduction and Overview

IBM Endpoint Manager Product Introduction and Overview IBM Endpoint Manager Product Introduction and Overview David Harsent Technical Specialist Unified Endpoint IBM Endpoint Manager and IBM MobileFirst Protect (MaaS360) Any device. Identify and respond to

More information

2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security

2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security 2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security For 10 years, Microsoft has been studying and analyzing the threat landscape of exploits, vulnerabilities, and malware.

More information

Computer Security: Principles and Practice

Computer Security: Principles and Practice Computer Security: Principles and Practice Chapter 17 IT Security Controls, Plans and Procedures First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Implementing IT Security

More information

Information Technology Solutions

Information Technology Solutions Managed Services Information Technology Solutions A TBG Security Professional Services Offering LET TBG MANAGE YOUR INFRASTRUCTURE WITH CONFIDENCE: TBG S INTEGRATED IT AUTOMATION FRAMEWORK PROVIDES: Computer

More information

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix Cybercrime myths, challenges and how to protect our business Vladimir Kantchev Managing Partner Service Centrix Agenda Cybercrime today Sources and destinations of the attacks Breach techniques How to

More information

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable

More information

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES Leonard Levy PricewaterhouseCoopers LLP Session ID: SEC-W03 Session Classification: Intermediate Agenda The opportunity Assuming

More information

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Host Hardening Presented by Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Background National Institute of Standards and Technology Draft Guide to General Server Security SP800-123 Server A

More information

have adequate policies and practices for secure data disposal have not established a formal 22% risk management program

have adequate policies and practices for secure data disposal have not established a formal 22% risk management program do not have budgeted disaster 38% recovery plans do not use standardized data 37% classification do not have a plan for responding to 29% security breaches 23% have adequate policies and practices for

More information

How Microsoft runs IT. Ludwig Wilhelm CIO Central & Eastern Europe Microsoft IT

How Microsoft runs IT. Ludwig Wilhelm CIO Central & Eastern Europe Microsoft IT How Microsoft runs IT Ludwig Wilhelm CIO Central & Eastern Europe Microsoft IT 2 Source: Accenture Cloudrise: Rewards & Risks at the Dawn of Cloud Computing, November 2010 3 Source: Accenture Cloudrise:

More information

Symantec Protection Suite Small Business Edition

Symantec Protection Suite Small Business Edition Easy-to-use, all-in-one suite designed for small businesses Overview Suite Small Business is an easyto-use, all-in-one suite that secures your critical business assets and information against today s complex

More information

Spyware. Michael Glenn Technology Management Michael.Glenn@Qwest.com. 2004 Qwest Communications International Inc.

Spyware. Michael Glenn Technology Management Michael.Glenn@Qwest.com. 2004 Qwest Communications International Inc. Spyware Michael Glenn Technology Management Michael.Glenn@Qwest.com Agenda Security Fundamentals Current Issues Spyware Definitions Overlaps of Threats Best Practices What Service Providers are Doing References

More information

Course overview. CompTIA A+ Certification (Exam 220 902) Official Study Guide (G188eng verdraft)

Course overview. CompTIA A+ Certification (Exam 220 902) Official Study Guide (G188eng verdraft) Overview This 5-day course is intended for those wishing to qualify with. A+ is a foundation-level certification designed for IT professionals with around 1 year's experience whose job role is focused

More information

Meng-Chow Kang, CISSP, CISA (ISC) 2 Asia Advisory Board. Chief Security Advisor Microsoft Greater China Region

Meng-Chow Kang, CISSP, CISA (ISC) 2 Asia Advisory Board. Chief Security Advisor Microsoft Greater China Region Meng-Chow Kang, CISSP, CISA (ISC) 2 Asia Advisory Board Chief Security Advisor Microsoft Greater China Region Vulnerability Disclosure, Malware, and Potentially Unwanted Software Information challenges

More information

Getting Ahead of Malware

Getting Ahead of Malware IT@Intel White Paper Intel Information Technology Security December 2009 Getting Ahead of Malware Executive Overview Since implementing our security event monitor and detection processes two years ago,

More information

Data Center Security in a World Without Perimeters

Data Center Security in a World Without Perimeters www.iss.net Data Center Security in a World Without Perimeters September 19, 2006 Dave McGinnis Director of MSS Architecture Agenda Securing the Data Center What threats are we facing? What are the risks?

More information

Simphony v2 Antivirus Recommendations

Simphony v2 Antivirus Recommendations DECLARATIONS WARRANTIES Although the best efforts are made to ensure that the information in this document is complete and correct, MICROS Systems, Inc. makes no warranty of any kind with regard to this

More information

Symantec Protection Suite Small Business Edition

Symantec Protection Suite Small Business Edition Easy-to-use, all-in-one suite designed for small businesses Overview Suite Small Business Edition is an easyto-use, all-in-one suite that secures your critical business assets and information against today

More information

Cyber Essentials Scheme

Cyber Essentials Scheme Cyber Essentials Scheme Requirements for basic technical protection from cyber attacks June 2014 December 2013 Contents Contents... 2 Introduction... 3 Who should use this document?... 3 What can these

More information

Fear Not What Security Can Do to Your Firm; Instead, Imagine What Your Firm Can Do When Secured!

Fear Not What Security Can Do to Your Firm; Instead, Imagine What Your Firm Can Do When Secured! Fear Not What Security Can Do to Your Firm; Instead, Imagine What Your Firm Can Do When Secured! Presented by: Kristen Zarcadoolas, Jim Soenksen, and Ed Sale PART 2: plan, act, repeat (from the look, plan,

More information