1. Delivering Assured Services John Weigelt National Technology Officer Microsoft Canada

2. The Evolving Threat Vandal Trespasser Thief Spy Author National Interest Personal Gain Personal Fame Curiosity Script-KiddyUndergradExpert Specialist Expertise Motivation

3. Viruses, Spyware and Worms Botnets and Rootkits SPAM, Phishing, Evil Twins and Fraud Deploying Security Updates System Identification and Configuration Security Policy Enforcement Identity Management and Access Control Managing Access in the Extended Enterprise Security Risk of Unmanaged PCs Regulatory Compliance Develop and Implement of Security Policies Reporting and Accountability Virus & Malware Prevention Business Practices Implementing Defense in Depth Security Management

4. Secure against attacks Protects confidentiality, integrity and availability of data and systems Manageable Protects from unwanted communication Controls for informational privacy Products, online services adhere to fair information principles Dependable, Available Predictable, consistent, responsive service Maintainable Resilient, works despite changes Recoverable, easily restored Proven, ready Commitment to customer-centric Interoperability Recognized industry leader, world-class partner Open, transparent

5. Fundamentally secure platforms enhanced by security products, services and guidance to help keep customers safe Excellence in fundamentals Security innovations Best practices, whitepapers and tools Authoritative incident response Security awareness and education through partnerships and collaboration Information sharing on threat landscape

6. Guidance Developer Tools Systems Management Active Directory Federation Services (ADFS) Identity Management Services Information Protection Encrypting File System (EFS) BitLocker™ Network Access Protection (NAP) Client and Server OS Server Applications Edge

7. Run More Securely User Account Protection Browser Anti-Phishing and Low-rights IE Windows service hardening Run More Securely User Account Protection Browser Anti-Phishing and Low-rights IE Windows service hardening Communicate More Securely Network Access Protection Inbound/outbound firewall PnP Simple Smart Cards Pluggable Crypto Communicate More Securely Network Access Protection Inbound/outbound firewall PnP Simple Smart Cards Pluggable Crypto Stay More Secure Anti-malware Restart Manager Client-based Security Scan Agent Fine-grained Audit Control Stay More Secure Anti-malware Restart Manager Client-based Security Scan Agent Fine-grained Audit Control Start More Securely Hardware-based Secure Startup Bit-Locker Full Volume Encryption Code Integrity Start More Securely Hardware-based Secure Startup Bit-Locker Full Volume Encryption Code Integrity Summary of Vista Security

8. CardSpace Returning Identity Control to the End User Reduces reliance on usernames & passwords Consistent user interface for login and registration Grounded in real- world metaphor Helps end users avoid many phishing attacks Support for two-factor authentication Secure subsystem Self-asserted and “managed” identities Built on Web Services Protocols SaferEasier

9. www.microsoft.com/security/guidance

10. Microsoft Regulatory Compliance Guide

12. Primary Security Concern Microsoft Security Collaboration for Governments Offerings are designed to address different concerns Security of IT deployments Productsecurity Computingsafety Government Security Program (GSP) Source code access Certification evidence Training Feedback New - now includes GSHP Primary audience: Policy makers Purchasing decision makers Security mobilization Prescriptive guidance via on- line content, CD-ROM, on-line training, service offerings Primary audience: IT managers & professionals Developers Security Cooperation Program (SCP) Incident response and public safety collaboration Cooperative projects Information exchange Primary audience: Policy and national security agencies Public safety and incident response agencies

13. © 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. John Weigelt johnwei@microsoft.com

14. Viruses, Spyware and Worms Botnets and Rootkits SPAM, Phishing, Evil Twins and Fraud Deploying Security Updates System Identification and Configuration Security Policy Enforcement Identity Management and Access Control Managing Access in the Extended Enterprise Security Risk of Unmanaged PCs Regulatory Compliance Develop and Implement of Security Policies Reporting and Accountability Virus & Malware Prevention Business Practices Implementing Defense in Depth Security Management