Andrea Valboni National Technology Officer Public Sector Microsoft Italy
|
|
- Imogen Abigail Powell
- 8 years ago
- Views:
Transcription
1 Andrea Valboni National Technology Officer Public Sector Microsoft Italy CRITIS Frascati, 15 Ottobre 2008
2 Evolving Security Threat Landscape Trustworthy Computing Vision Addressing Security Threats Public Private Partnership
3 Where are threats heading next?
4 Within 1 day Within 2 hours 2 days prior Within 10 days Within 2 days Same day Within 38 days Within 3 days Within 3 days Within 7 days Within 11 days
5 Viruses, Spyware and Worms Botnets and Rootkits Phishing and Fraud Regulatory Compliance Development & Implementation Security Policies Reporting and Accountability Identity Management and Access Control Managing Remote Access Security Risk of Unmanaged PCs Deploying Security Updates System Identification and Configuration Security Policy Enforcement
6 Local Area Networks First PC virus Boot sector viruses Create notoriety or cause havoc Slow propagation 16-bit DOS Internet Era Macro viruses Script viruses Create notoriety or cause havoc Faster propagation 32-bit Windows Broadband prevalent Spyware, Spam Phishing Botnets Rootkits Financial motivation Internet wide impact 32-bit Windows Hyper jacking Peer to Peer Social engineering Application attacks Financial motivation Targeted attacks 64-bit Windows
7 Exponential Growth of IDs Identity and access management challenging Increasingly Sophisticated Malware Anti-malware alone is not sufficient Number of Digital IDs client/server Internet B2E mobility B2C B2B Number of variants from over 7,000 malware families (1H07) mainframe Pre-1980s 1980s 1990s 2000s Source: Microsoft Security Intelligence Report (January June 2007) Crime On The Rise Attacks Getting More Sophisticated Traditional defenses are inadequate National Interest Personal Gain Personal Fame Curiosity Largest segment by $ spent on defense Largest area by $ lost Thief Trespasser Vandal Largest area by volume Author Spy Fastest growing segment User GUI Applications Drivers O/S Hardware Physical Examples Spyware Rootkits Application attacks Phishing/Social engineering Script-Kiddy Amateur Expert Specialist
8 Major sections cover Software Vulnerability Disclosures Software Vulnerability Exploits Malicious Software and Potentially Unwanted Software Privacy and Security Breach Notifications
9 Malicious Software and Potentially Unwanted Software Data from several hundred million computers MSRT has a user base of 450+ million unique computers During 2H07 MSRT executed 2.5 billion times Since January 2005 total MSRT executions surpass 10 billion
10 More than 2,700 new vulnerabilities disclosed in 2H07 2H07 had the lowest number of disclosures since 2H05 Total vulnerabilities for 2007 lower than 2006 Industry-wide vulnerability disclosures by half-year, Industry-wide vulnerability disclosures by year,
11 900 security breach notifications, 12 countries Exploits, malware and hacking less than 23 percent of all notifications from , only 13 percent during 2H07 Breaches in 2H07 involved proportionally fewer hacking incidents than the last eight years as a whole 57% of breaches in 2H07 resulted from lost or stolen equipment Security breach incidents by type, H07, and 2H07 alone, expressed as percentages of the total Data sourced from the Data Loss Database at
12
13
14 Trustworthy Computing Vision
15 Predictable, Commitment, consistent, Microsoft responsive to customer-centric Security service centric Response Microsoft Interoperability Center Privacy (MSRC) Guidelines Maintainable,, easy Microsoft Automated configure Malware and Policy manage Protection based for developing solutions Center Software (MMPC) and Services Resilient, Recognized, works despite Secure changes industry leader, Windows Microsoft, world-class Initiative Data (SWI) partner Governance Framework Recoverable,, easily restored Open, Security transparent Science Managing and Protecting Proven,, ready to operate Personal Information Secure against attacks Protects confidentiality, TWC integrity and availability of data and systems Announced SDL begins Windows Server 2003 Build solutions that protect privacy Microsoft Online Crash Analysis Interop Vendor Alliance SQL Server 2005 Safe guard your corporate data Engineering Excellence Training and Guidelines Visual Studio 2005 Open Source Software Lab Protect Personal Privacy Microsoft Online Services with high Windows reliability Server Windows Transparent Practices in multiple data centers Windows 2003 SP1 Defender Windows (SDL, Vista Codeplex, etc.) Windows Vendor Engagement and Windows Hardware Quality Lab XP SP2 Malicious SW Windows Office 2007 Server 2008 Business Continuity explicitly designed DSI Launched Removal Tool in with prescriptive Live OneCare guidance Forefront SQL Server 2008
16
17 At Microsoft, we believe that delivering secure software requires Executive commitment SDL a mandatory policy at Microsoft since 2004 Core training Analyze security and privacy risk Define quality gates Threat modeling Attack surface analysis Specify tools Enforce banned functions Static analysis Dynamic/Fuzz testing Verify threat models/attack surface Response plan Final security review Release archive Response execution Ongoing Process Improvements 6 month cycle
18 First Year of Vulnerabilities* 2007* Vulnerabilities Fixed One Year After Release* Vulnerabilities disclosed and fixed Quarterly totals, ** 2006** *Source: **Source: Which database is more secure? Oracle vs. Microsoft, David D Litchfield, NGS Software, 21-November November-2006
19 Framework for Data Governance
20 Policy, People, Processes (and Technology)
21 No common identity management model No desktop or server standards, many images, no management standards Federated Identity Management across org. and platform boundaries Automated IT management, dynamic resource usage No networks and security standards Automated security and network management Adhoc protection of key data End to end data protection and disaster recovery Adhoc, reactive Proactive, Optimize cost & quality, End-to to-end service & policy management
22 Global Phishing Enforcement Initiative Digital PhishNet Global Infrastructure Alliance for Internet Safety Virus Information Alliance
23 I+4A Identity Claims Authentication Authorization Access Control Mechanisms Audit Trusted Data Trusted People Trusted Software Trusted Hardware Integrated Protection
24 Economic Forces Political/ Legislative Core Security Components Trusted Stack Identity Claims Authentication Authorization Access Control Mechanisms Audit I+4A Social Requirements Secure Foundation SDL and SD3 Integrated Protection Defense in Depth Threat Mitigation
25 A well Managed Secure Infrastructure is the key! Services Edge Fo re fro nt Edge er s Servlication A pp St irl in gm an ag em en t Enc ryp ting F i le Syst BitL em ock ( EF S er ) Server Applications d t an S n e i Cl ver O Ser Active Directory Federation Services (ADFS) Operations Manager 2007 Information Protection Client and Server OS Identity & Access Management Certificate Lifecycle Management Mobile Device Data Manager 2008 Protection Configuration Manager Manager 2007 Systems Management TWC SDL
26 Initiatives in Italy during 2007
27 La scuola ricomincia navigando (School starts again. Surfing) A pilot project for a single local municipality (Comune di Roma) with the following format: The Rome municipality send mail with project presentation to all the schools managers in Rome (kids aged 11-13) proposing them 1. One day of Classroom lessons by the local law enforcement agency (Polizia Postale e delle Comunicazioni) for all the students and the teachers using the Get Net Safe deck for presentation 2. Specific teacher training (Partner in Learning train the trainer with Microsoft security curricula) and resources to create classroom lessons 3. A contest for all the classroom involved (video production) 4. Materials for kids and parents to be distributed to all the participants
28 Child Exploitation Tracking System is a unique software tool that helps protect children from exploitation online. It enables more effective identification and prosecution of offenders by allowing governments to store, search, share, and analyze evidence in child exploitation cases across police agencies As of June 2007, the Child Exploitation Tracking System has been deployed in seven countries and is being used by over 400 investigators worldwide. With it, law enforcement agencies can break down borders through collaboration and information sharing Polizia Postale is the Italian Partner for this world wide program
29 Computer Online Forensic Evidence Extractor (COFEE) Not to cause unnecessary input to the target machine Collect the volatile data including network, and memory information for investigation Documentation of execution flow for court presentation Backup passwords from the machine for future forensic purpose Reconnaissance Digital Forensics Relevancy Reliability
30 Security Cooperation Program Designed to help government CERT in defending critical infrastructure in the PA space from IT threats, through advanced information sharing on MS security bullettins, workshops and training. Ad hoc local programs to address unique requirements for a given Country Might include the creation of competence centers on IT security, citizen s security initiative, Public Protection.
31 Microsoft Security Home Page: Microsoft Trustworthy Computing: Microsoft Forefront: Infrastructure Optimization: Microsoft Security Assessment Tool: General Information: Microsoft Live Safety Center: safety.live.com Microsoft Security Response Center: Security Development Lifecycle: msdn.microsoft.com/security/sdl Get the Facts on Windows and Linux: Anti-Malware: Microsoft OneCare Live: beta.windowsonecare.com Microsoft Defender: Spyware Criteria: Guidance Centers: Security Guidance Centers: Security Guidance for IT Professionals: The Microsoft Security Developer Center: msdn.microsoft.com/security The Security at Home Consumer Site:
32 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
33
34 Windows Vista in % fewer vulnerabilities than Windows XP 74% fewer vulnerabilities than the next closest (Ubuntu) 47% fewer high severity vulnerabilities than the next closest (Red Hat) Source:
Scott Charney Corporate Vice President, Trustworthy Computing Microsoft Corporation
Scott Charney Corporate Vice President, Trustworthy Computing Microsoft Corporation Social: Enabling a global village Economic: Easier, faster, cheaper commerce Political: Freer exchange of ideas Loss
More informationKevin Dean Technology Strategist Education Southeast Microsoft Corporation
Kevin Dean Technology Strategist Education Southeast Microsoft Corporation Security Exploits History The Threat landscape today Microsoft Security Development Lifecycle State of Security today Trends in
More informationOperating System Security
Operating System Security Klaus Schütz Windows OS Security Microsoft Redmond Before I start My VP love(d) me A frustrated friend 1 Agenda Evolution of Threats Client vs. Server Security Operating System
More informationMicrosoft Security Intelligence Report volume 7 (January through June 2009)
Microsoft Security Intelligence Report volume 7 (January through June 2009) Key Findings Summary Volume 7 of the Microsoft Security Intelligence Report provides an in-depth perspective on malicious and
More informationSecuring the Cloud Infrastructure
EXECUTIVE STRATEGY BRIEF Microsoft recognizes that security and privacy protections are essential to building the necessary customer trust for cloud computing to reach its full potential. This strategy
More informationMicrosoft s cybersecurity commitment
Microsoft s cybersecurity commitment Published January 2015 At Microsoft, we take the security and privacy of our customers data seriously. This focus has been core to our culture for more than a decade
More informationGuidelines for Website Security and Security Counter Measures for e-e Governance Project
and Security Counter Measures for e-e Governance Project Mr. Lalthlamuana PIO, DoICT Background (1/8) Nature of Cyber Space Proliferation of Information Technology Rapid Growth in Internet Increasing Online
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationCreating A Culture of Security and Privacy in the Digital Age. Dave Welsh Microsoft Corporation dmwelsh@microsoft.com
Creating A Culture of Security and Privacy in the Digital Age Dave Welsh Microsoft Corporation dmwelsh@microsoft.com Situation Computers worldwide: 663 million1 Web users worldwide, 2004: 719,334,756,
More informationHow we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz)
How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz) Domain.Local DC Client DomainAdmin Attack Operator Advise Protect Detect Respond
More informationTransparency. Privacy. Compliance. Security. What does privacy at Microsoft mean? Are you using my data to build advertising products?
Privacy Transparency What does privacy at Microsoft mean? Are you using my data to build advertising products? Where is my data? Who has access to my data? Compliance What certifications and capabilities
More informationElements to a Secure Environment Becoming Resilient Towards Modern Cyberthreats. Windows XP Support Has Ended Why It Concerns You
Elements to a Secure Environment Becoming Resilient Towards Modern Cyberthreats Windows XP Support Has Ended Why It Concerns You Protect Detect Respond 1 02 Windows XP support has ended Windows XP support
More informationStudent Tech Security Training. ITS Security Office
Student Tech Security Training ITS Security Office ITS Security Office Total Security is an illusion security will always be slightly broken. Find strategies for living with it. Monitor our Network with
More informationEXECUTIVE STRATEGY BRIEF. Securing the Cloud Infrastructure. Cloud. Resources
EXECUTIVE STRATEGY BRIEF Securing the Cloud Infrastructure Cloud Resources 01 Securing the Cloud Infrastructure / Executive Strategy Brief Securing the Cloud Infrastructure Microsoft recognizes that trust
More informationPublic-Private Partnerships against cybercrime. Jean-Christophe Le Toquin Director Internet Safety Microsoft EMEA
Public-Private Partnerships against cybercrime Jean-Christophe Le Toquin Director Internet Safety Microsoft EMEA The need for Public Private Partnerships to fight cybercrime Evidence needed by police to
More informationManaging Security Risks in Modern IT Networks
Managing Security Risks in Modern IT Networks White Paper Table of Contents Executive summary... 3 Introduction: networks under siege... 3 How great is the problem?... 3 Spyware: a growing issue... 3 Feeling
More informationKASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com
KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationProven LANDesk Solutions
LANDesk Solutions Descriptions Proven LANDesk Solutions IT departments face pressure to reduce costs, reduce risk, and increase productivity in the midst of growing IT complexity. More than 4,300 organizations
More informationLinux Technologies QUARTER 1 DESKTOP APPLICATIONS - ESSENTIALS QUARTER 2 NETWORKING AND OPERATING SYSTEMS ESSENTIALS. Module 1 - Office Applications
NETWORK ENGINEERING TRACK Linux Technologies QUARTER 1 DESKTOP APPLICATIONS - ESSENTIALS Module 1 - Office Applications This subject enables users to acquire the necessary knowledge and skills to use Office
More informationEducation as a defense strategy. Jeannette Jarvis Group Program Manager PSS Security Microsoft
Education as a defense strategy Jeannette Jarvis Group Program Manager PSS Security Microsoft Introduction to End User Security Awareness End User Security Awareness Challenges Understanding End User
More informationNational Cyber Security Policy -2013
National Cyber Security Policy -2013 Preamble 1. Cyberspace 1 is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information
More informationThe Information Security Problem
Chapter 10 Objectives Describe the major concepts and terminology of EC security. Understand phishing and its relationship to financial crimes. Describe the information assurance security principles. Identify
More informationCyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown
Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available
More informationWindows Embedded Security and Surveillance Solutions
Windows Embedded Security and Surveillance Solutions Windows Embedded 2010 Page 1 Copyright The information contained in this document represents the current view of Microsoft Corporation on the issues
More informationMichael Nowacki, CISSP - ISSAP. Security & Management Solutions Specialist Microsoft Canada Michael.Nowacki@Microsoft.com
Michael Nowacki, CISSP - ISSAP Security & Management Solutions Specialist Microsoft Canada Michael.Nowacki@Microsoft.com More advanced Application-oriented More frequent Profit motivated Too many point
More informationSecuring the Microsoft Cloud
Securing the Microsoft Cloud Page 1 Securing the Microsoft Cloud Microsoft recognizes that trust is necessary for organizations and customers to fully embrace and benefit from cloud services. We are committed
More informationData Sheet: Endpoint Security Symantec Protection Suite Enterprise Edition Trusted protection for endpoints and messaging environments
Trusted protection for endpoints and messaging environments Overview Symantec Protection Suite Enterprise Edition creates a protected endpoint and messaging environment that is secure against today s complex
More informationEvolving Threats and Attacks: A Cloud Service Provider s viewpoint. John Howie Senior Director Online Services Security and Compliance
Evolving Threats and Attacks: A Cloud Service Provider s viewpoint John Howie Senior Director Online Services Security and Compliance Introduction Microsoft s Cloud Infrastructure Evolution of Threats
More informationData Sheet: Endpoint Security Symantec Endpoint Protection The next generation of antivirus technology from Symantec
The next generation of antivirus technology from Symantec Overview Advanced threat protection combines Symantec AntiVirus with advanced threat prevention to deliver an unmatched defense against malware
More informationSECURING YOUR SMALL BUSINESS. Principles of information security and risk management
SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and
More informationThe Security Development Lifecycle. Steven B. Lipner, CISSP SLipner@microsoft.com Senior Director Security Engineering Strategy Microsoft Corp.
The Security Development Lifecycle Steven B. Lipner, CISSP SLipner@microsoft.com Senior Director Security Engineering Strategy Microsoft Corp. 2 Overview Introduction A look back Trustworthy Computing
More informationZENworks Patch Management. Doc Hodges Opportunity Response Team Novell, Inc.
ZENworks Patch Management Doc Hodges Opportunity Response Team Novell, Inc. Are you prepared for business continuity threats? Unstable, malfunctioning systems resulting from attacks by viruses, worms and
More informationInformation Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus
Information Technology Engineers Examination Information Security Specialist Examination (Level 4) Syllabus Details of Knowledge and Skills Required for the Information Technology Engineers Examination
More informationFORBIDDEN - Ethical Hacking Workshop Duration
Workshop Course Module FORBIDDEN - Ethical Hacking Workshop Duration Lecture and Demonstration : 15 Hours Security Challenge : 01 Hours Introduction Security can't be guaranteed. As Clint Eastwood once
More informationEndpoint protection for physical and virtual desktops
datasheet Trend Micro officescan Endpoint protection for physical and virtual desktops In the bring-your-own-device (BYOD) environment, protecting your endpoints against ever-evolving threats has become
More informationInjazat s Managed Services Portfolio
Injazat s Managed Services Portfolio Overview Premium Managed Services to Transform Your IT Environment Injazat s Premier Tier IV Data Center is built to offer the highest level of security and reliability.
More informationBest Practices for a BYOD World
Face Today s Threats Head-On: Best Practices for a BYOD World Chris Vernon CISSP, VTSP Security Specialist Agenda Mobile Threats Overview 2013 State of Mobility Survey Canada BYOD Best Practices 2 Mobile
More informationLoophole+ with Ethical Hacking and Penetration Testing
Loophole+ with Ethical Hacking and Penetration Testing Duration Lecture and Demonstration: 15 Hours Security Challenge: 01 Hours Introduction Security can't be guaranteed. As Clint Eastwood once said,
More informationData Sheet: Endpoint Security Symantec Endpoint Protection The next generation of antivirus technology from Symantec
The next generation of antivirus technology from Symantec Overview Advanced threat protection combines Symantec AntiVirus with advanced threat prevention to deliver an unmatched defense against malware
More informationMicrosoft Security Development Lifecycle for IT. Rob Labbé Application Consulting and Engineering Services roblab@microsoft.com
Microsoft Security Development Lifecycle for IT Rob Labbé Application Consulting and Engineering Services roblab@microsoft.com The Reasons for Secure Software There are many threats to data and systems
More informationLectures 9 Advanced Operating Systems Fundamental Security. Computer Systems Administration TE2003
Lectures 9 Advanced Operating Systems Fundamental Security Computer Systems Administration TE2003 Lecture overview At the end of lecture 9 students can identify, describe and discuss: Main factors while
More informationMicrosoft Technologies
NETWORK ENGINEERING TRACK Microsoft Technologies QUARTER 1 DESKTOP APPLICATIONS - ESSENTIALS Module 1 - Office Applications This subject enables users to acquire the necessary knowledge and skills to use
More informationEmerging Security Technological Threats
Emerging Security Technological Threats Jamie Gillespie Training and Education Team Leader, AusCERT About AusCERT Australia s national CERT Collect, monitor, advise on threats and vulnerabilities Incident
More informationA Database Security Management White Paper: Securing the Information Business Relies On. November 2004
A Database Security Management White Paper: Securing the Information Business Relies On November 2004 IPLocks, Inc. 441-A W. Trimble Road, San Jose, CA 95131 USA A Database Security Management White Paper:
More informationMicrosoft Security Systemats
Investigate and Resolve Vulnerability Reports Staff public reporting alias Monitor security lists Single point of coordination and communications Microsoft Security Response Process Own and coordinate
More informationUnderstanding Anti-Malware Research and Response at Microsoft. An introduction to the Malware Protection Center
Understanding Anti-Malware Research and Response at Microsoft An introduction to the Malware Protection Center Understanding Anti-Malware Research and Response at Microsoft An introduction to the Microsoft
More informationEndpoint protection for physical and virtual desktops
datasheet Trend Micro officescan Endpoint protection for physical and virtual desktops In the bring-your-own-device (BYOD) environment, protecting your endpoints against ever-evolving threats has become
More informationIBM Endpoint Manager for Core Protection
IBM Endpoint Manager for Core Protection Device control and endpoint protection designed to guard against malware and loss of sensitive data Highlights Delivers real-time endpoint protection against viruses,
More informationES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS
ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS The Internet Threat Landscape Symantec TM Dean Turner Director Global Intelligence Network Symantec Security
More informationSecuring the Microsoft Cloud
Securing the Microsoft Cloud Securing the Microsoft Cloud Page 1 Securing the Microsoft Cloud Microsoft recognizes that trust is necessary for organizations and consumers to fully embrace and benefit from
More informationExternal Supplier Control Requirements
External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must
More informationMicrosoft Update Management. Sam Youness Microsoft
Microsoft Update Management Sam Youness Microsoft Microsoft s Areas of Focus for ICS Risk Management Secure Development Device and Network Security Identity and Access Management Operational Response Get
More informationHow To Buy Nitro Security
McAfee Acquires NitroSecurity McAfee announced that it has closed the acquisition of privately owned NitroSecurity. 1. Who is NitroSecurity? What do they do? NitroSecurity develops high-performance security
More information10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)
1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction
More informationTotal Defense Endpoint Premium r12
DATA SHEET Total Defense Endpoint Premium r12 Overview: Total Defense Endpoint Premium Edition r12 offers comprehensive protection for networks, endpoints and groupware systems from intrusions, malicious
More informationDefending against modern threats Kruger National Park ICCWS 2015
Defending against modern threats Kruger National Park ICCWS 2015 Herman Opperman (CISSP, ncse, MCSE-Sec) - Architect, Cybersecurity Global Practice Microsoft Corporation Trends from the field Perimeter
More informationInformation Security Threat Trends
Talk @ Microsoft Security Day Sep 2005 Information Security Threat Trends Mr. S.C. Leung 梁 兆 昌 Senior Consultant 高 級 顧 問 CISSP CISA CBCP M@PISA Email: scleung@hkcert.org 香 港 電 腦 保 安 事 故 協 調 中 心 Introducing
More informationTechnology Blueprint. Protect Your Email Servers. Guard the data and availability that enable business-critical communications
Technology Blueprint Protect Your Email Servers Guard the data and availability that enable business-critical communications LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL 1 2 4 5 3 Security
More informationCyber Security nei prodotti di automazione
Cyber Security nei prodotti di automazione Marco Biancardi, ABB SpA, Power System Division 11 dicembre 2013, Roma Why is it an issue? Isolated devices Point to point interfaces Proprietary networks Standard
More informationMicrosoft Security Intelligence Report Volume 13
Microsoft Security Intelligence Report Volume 13 Tim Rains Director, Trustworthy Computing, Microsoft Jeff Jones Director, Trustworthy Computing, Microsoft Session ID: DSP-R33 Session Classification: Intermediate
More informationHIPAA DATA SECURITY & PRIVACY COMPLIANCE
HIPAA DATA SECURITY & PRIVACY COMPLIANCE This paper explores how isheriff Cloud Security enables organizations to meet HIPAA compliance requirements with technology and real-time data identification. Learn
More informationWindows Phone 8 Security Overview
Windows Phone 8 Security Overview This white paper is part of a series of technical papers designed to help IT professionals evaluate Windows Phone 8 and understand how it can play a role in their organizations.
More informationThe Value of Vulnerability Management*
The Value of Vulnerability Management* *ISACA/IIA Dallas Presented by: Robert Buchheit, Director Advisory Practice, Dallas Ricky Allen, Manager Advisory Practice, Houston *connectedthinking PwC Agenda
More informationInformation Security Incident Management Guidelines
Information Security Incident Management Guidelines INFORMATION TECHNOLOGY SECURITY SERVICES http://safecomputing.umich.edu Version #1.0, June 21, 2006 Copyright 2006 by The Regents of The University of
More informationTrend Micro. Advanced Security Built for the Cloud
datasheet Trend Micro deep security as a service Advanced Security Built for the Cloud Organizations are embracing the economic and operational benefits of cloud computing, turning to leading cloud providers
More informationThe Key to Secure Online Financial Transactions
Transaction Security The Key to Secure Online Financial Transactions Transferring money, shopping, or paying debts online is no longer a novelty. These days, it s just one of many daily occurrences on
More informationHP Security Assessment Services
HP Security Assessment Services HP Data Center Services Technical data Your corporate information and intellectual property are important assets that you want to protect from unauthorized users. Developing
More informationCompTIA Security+ (Exam SY0-410)
CompTIA Security+ (Exam SY0-410) Length: Location: Language(s): Audience(s): Level: Vendor: Type: Delivery Method: 5 Days 182, Broadway, Newmarket, Auckland English, Entry Level IT Professionals Intermediate
More informationImplementing Security Update Management
Implementing Security Update Management Wayne Harris MCSE Senior Consultant Certified Security Solutions Business Case for Update Management When determining the potential financial impact of poor update
More informationSymantec Endpoint Protection
The next generation of antivirus technology from Overview Advanced threat protection combines AntiVirus with advanced threat prevention to deliver an unmatched defense against malware for laptops, desktops,
More informationWoodcock-Johnson and Woodcock-Muñoz Language Survey Revised Normative Update Technical and Data Security Overview
Houghton Mifflin Harcourt - Riverside (HMH - Riverside) is pleased to offer online scoring and reporting for Woodcock-Johnson IV (WJ IV) and Woodcock-Muñoz Language Survey Revised Normative Update (WMLS-R
More informationPrivilege Gone Wild: The State of Privileged Account Management in 2015
Privilege Gone Wild: The State of Privileged Account Management in 2015 March 2015 1 Table of Contents... 4 Survey Results... 5 1. Risk is Recognized, and Control is Viewed as a Cross-Functional Need...
More informationPayment Card Industry Data Security Standard
Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security
More informationHost Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1
Host Hardening Presented by Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Background National Institute of Standards and Technology Draft Guide to General Server Security SP800-123 Server A
More informationCyber- Attacks: The New Frontier for Fraudsters. Daniel Wanjohi, Technology Security Specialist
Cyber- Attacks: The New Frontier for Fraudsters Daniel Wanjohi, Technology Security Specialist What is it All about The Cyber Security Agenda ; Protecting computers, networks, programs and data from unintended
More informationLAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES
LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable
More informationASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES
ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES Leonard Levy PricewaterhouseCoopers LLP Session ID: SEC-W03 Session Classification: Intermediate Agenda The opportunity Assuming
More informationPrivilege Gone Wild: The State of Privileged Account Management in 2015
Privilege Gone Wild: The State of Privileged Account Management in 2015 March 2015 1 Table of Contents... 4 Survey Results... 5 1. Risk is Recognized, and Control is Viewed as a Cross-Functional Need...
More informationWindows 7. Qing Liu Qing.Liu@chi.frb.org Michael Stevens Michael.Stevens@chi.frb.org
Windows 7 Qing Liu Qing.Liu@chi.frb.org Michael Stevens Michael.Stevens@chi.frb.org 1 Overview 1. Financial Institution s Preliminary Steps 2. User Interface 3. Data Protection 4. User and Group Changes
More information2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security
2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security For 10 years, Microsoft has been studying and analyzing the threat landscape of exploits, vulnerabilities, and malware.
More informationRSA Solution Brief. RSA SecurID Authentication in Action: Securing Privileged User Access. RSA Solution Brief
RSA SecurID Authentication in Action: Securing Privileged User Access RSA SecurID solutions not only protect enterprises against access by outsiders, but also secure resources from internal threats The
More informationInformation Technology Solutions
Managed Services Information Technology Solutions A TBG Security Professional Services Offering LET TBG MANAGE YOUR INFRASTRUCTURE WITH CONFIDENCE: TBG S INTEGRATED IT AUTOMATION FRAMEWORK PROVIDES: Computer
More informationIBM Endpoint Manager Product Introduction and Overview
IBM Endpoint Manager Product Introduction and Overview David Harsent Technical Specialist Unified Endpoint IBM Endpoint Manager and IBM MobileFirst Protect (MaaS360) Any device. Identify and respond to
More informationSymantec Protection Suite Small Business Edition
Easy-to-use, all-in-one suite designed for small businesses Overview Suite Small Business is an easyto-use, all-in-one suite that secures your critical business assets and information against today s complex
More informationhave adequate policies and practices for secure data disposal have not established a formal 22% risk management program
do not have budgeted disaster 38% recovery plans do not use standardized data 37% classification do not have a plan for responding to 29% security breaches 23% have adequate policies and practices for
More informationCyber Essentials Scheme
Cyber Essentials Scheme Requirements for basic technical protection from cyber attacks June 2014 December 2013 Contents Contents... 2 Introduction... 3 Who should use this document?... 3 What can these
More information10 Potential Risk Facing Your IT Department: Multi-layered Security & Network Protection. September 2011
10 Potential Risk Facing Your IT Department: Multi-layered Security & Network Protection September 2011 10 Potential Risks Facing Your IT Department: Multi-layered Security & Network Protection 2 It s
More informationSpyware. Michael Glenn Technology Management Michael.Glenn@Qwest.com. 2004 Qwest Communications International Inc.
Spyware Michael Glenn Technology Management Michael.Glenn@Qwest.com Agenda Security Fundamentals Current Issues Spyware Definitions Overlaps of Threats Best Practices What Service Providers are Doing References
More informationCourse overview. CompTIA A+ Certification (Exam 220 902) Official Study Guide (G188eng verdraft)
Overview This 5-day course is intended for those wishing to qualify with. A+ is a foundation-level certification designed for IT professionals with around 1 year's experience whose job role is focused
More informationHow Microsoft runs IT. Ludwig Wilhelm CIO Central & Eastern Europe Microsoft IT
How Microsoft runs IT Ludwig Wilhelm CIO Central & Eastern Europe Microsoft IT 2 Source: Accenture Cloudrise: Rewards & Risks at the Dawn of Cloud Computing, November 2010 3 Source: Accenture Cloudrise:
More informationData Management Policies. Sage ERP Online
Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...
More informationSimphony v2 Antivirus Recommendations
DECLARATIONS WARRANTIES Although the best efforts are made to ensure that the information in this document is complete and correct, MICROS Systems, Inc. makes no warranty of any kind with regard to this
More informationSymantec Protection Suite Small Business Edition
Easy-to-use, all-in-one suite designed for small businesses Overview Suite Small Business Edition is an easyto-use, all-in-one suite that secures your critical business assets and information against today
More informationCourse: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems
Course: Information Security Management in e-governance Day 1 Session 5: Securing Data and Operating systems Agenda Introduction to information, data and database systems Information security risks surrounding
More informationData Center Security in a World Without Perimeters
www.iss.net Data Center Security in a World Without Perimeters September 19, 2006 Dave McGinnis Director of MSS Architecture Agenda Securing the Data Center What threats are we facing? What are the risks?
More informationCyber R &D Research Roundtable
Cyber R &D Research Roundtable 2 May 2013 N A T I O N A L S E C U R I T Y E N E R G Y & E N V I R O N M E N T H E A L T H C Y B E R S E C U R I T Y Changing Environment Rapidly Evolving Threat Changes
More informationLarry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping
Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control
More informationIBM Tivoli Endpoint Manager for Security and Compliance
IBM Endpoint Manager for Security and Compliance A single solution for managing endpoint security across the organization Highlights Provide up-to-date visibility and control from a single management console
More informationCA Host-Based Intrusion Prevention System r8.1
PRODUCT BRIEF: CA HOST-BASED INTRUSION PREVENTION SYSTEM CA Host-Based Intrusion Prevention System r8.1 CA HOST-BASED INTRUSION PREVENTION SYSTEM (CA HIPS) BLENDS ENDPOINT FIREWALL, INTRUSION DETECTION,
More information