Published by Ruth McCormick. Modified over 9 years ago.
1
Mark Estberg, John Howie Senior Directors Microsoft Corporation SESSION CODE: SIA317
3
Trustworthy Computing
Global Foundation Services
Physical Infrastructure
Logical Infrastructure
Compute Runtimes
Identity and Directory Stores
Cloud Platform Services
And Others
Cloud Infrastructure
Consumer and Small Business Services
Enterprise Services
Third-Party Hosted Services
4
Cloud Challenges
Growing Interdependence Amongst Public and Private Sector: With these new dependencies come mutual expectations that platform services and hosted applications be secure and available.
Complex, Global Regulatory Requirements and Industry Standards: Each country may pass their own laws that govern the provision and use of online environments.
Evolving Technologies, Changing Business Models, Dynamic Hosting Environment: Keeping pace with growth and anticipating future needs is essential to running an effective security program.
Increasing Sophistication of Attacks: Malicious activity focuses on infiltrating and disrupting online service offerings.
5
ISO/IEC 27001:2005 certification
Statement of Auditing Standard 70 Type I and Type II attestations
Certification and Attestations
Payment Card Industry Data Security Standard
Health Insurance Portability and Accountability Act
Industry Standards and Regulations
Media Ratings Council
Sarbanes-Oxley, etc.
Identify and integrate:
– Regulatory requirements
– Customer requirements
Assess and remediate:
– Eliminate or mitigate gaps in control design
Controls Framework
Test effectiveness and assess risk
Attain certifications and attestations
Improve and optimize:
– Examine root cause of non-compliance
– Track until fully remediated
Predictable Audit Schedule
19
1. Identify and Categorize Assets
2. Establish Asset Ownership
3. Define Baseline Requirements
4. Measure Compliance
5. Enforce Compliance
CMDB
Start here
Risk & Asset Management Programs Policies Standards & Requirements Monitoring Infrastructure
31
Learn more about our solutions: http://www.microsoft.com/forefront Try our products: http://www.microsoft.com/forefront/trial
32
www.microsoft.com/teched www.microsoft.com/learning http://microsoft.com/technet http://microsoft.com/msdn
34
Sign up for Tech·Ed 2011 and save $500 starting June 8 – June 31st
http://northamerica.msteched.com/registration
You can also register at the North America 2011 kiosk located at registration
Join us in Atlanta next year