
1 Advancing Security Progress and Commitment

2
- Individual control of personal data; products and online services adhere to fair information principles; protects the individual's right to be left alone
- Resilient to attack; protects the confidentiality, integrity and availability of data and systems
- Engineering Excellence: dependable, performs at expected levels, available when needed
- Open, transparent interaction with customers; address issues with products and services; help customers find appropriate solutions

3 Security Enabled Business
Reduce Security Risk:
- Assess the environment
- Improve isolation and resiliency
- Develop and implement controls
Increase Business Value:
- Connect with customers
- Integrate with partners
- Empower employees
[Chart: Risk Level (Impact to Business, Probability of Attack) plotted against ROI (Connected, Productive)]

4 Helping Better Protect Customers
- Isolation and Resiliency: "Reduce impact of malware"
- Advanced Updating: "Simplify critical maintenance"
- Authentication, Authorization and Audit: "Give us better access control"
- Engineering Excellence: "Develop reliable and secure software"
- Guidance, Tools and Response: "Provide better guidance"

5 Isolation and Resiliency
A platform that is more resilient in the presence of security threats
- Mitigate the risk of business interruption
- Reduce attack surface and vectors
- Deflect and contain threats proactively
- Enable defense-in-depth protection

6 Isolation and Resiliency: Reducing the Modes of Attack – XP SP2
Communicate and collaborate in a more secure manner without sacrificing information worker productivity

7 Safeguarding Applications
- Protects Microsoft software against application-layer attacks
- Eases deployment and management
- Enables quick and secure information access
- Maximizes existing IT investments

8 Enabling Customer Success: Clarke County Hospital
Situation:
- HIPAA regulatory compliance
- Paper-based system delaying diagnosis
- Unchecked Internet access impacting productivity
Solution:
- Upgraded network to Windows Server 2003
- Deployed ISA Server 2004
- Defined policies for usage and enabled caching for performance
Benefit:
- Safeguards met HIPAA's standards
- Improved collaboration and reduced diagnosis time
- Increased productivity by 30 percent
"I've accomplished more in the last two months with ISA Server than I did in the six months prior to installation."
Jodi Reindl, Assistant to Directors, Clarke County Hospital

9 Isolation and Resiliency: Future: Active protection technology
- Application-aware firewalls
- Intrusion prevention
- Dynamic system protection
- Behavior blocking

10 Isolation and Resiliency: Network Access Protection
Health Checkup:
- Check update level, antivirus, and other plug-in and scriptable criteria
Advanced Isolation:
- Clients who do not pass can be blocked and isolated
- Isolated clients can be given access to updates to get healthy
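The check, isolate and remediate loop the slide describes, as an added worked example that is not Microsoft's NAP code: a small fail-closed health policy engine with two built-in criteria (update level, antivirus) and one scriptable criterion (host firewall) supplied as a plain callable. A client that fails any check is quarantined with reachability to the remediation hosts only, together with the list of what it has to fix. The remediation hostnames, the required update level, the signature-age limit, the `extra` key the firewall check reads and the sample clients are assumptions made for this example.

```python
"""Health-check policy engine in the spirit of the slide's Network Access Protection flow.

Added example, not Microsoft's NAP code: the types, the criteria, the
remediation hosts and the sample clients below are this example's own
assumptions, chosen to show the check -> isolate -> remediate loop.
"""
from dataclasses import dataclass, field
from typing import Callable, Optional

# Assumed remediation network: the only destinations a quarantined client may reach
# so that it can download updates and signatures and "get healthy".
REMEDIATION_HOSTS = ("wsus.corp.example", "av-sigs.corp.example")

REQUIRED_UPDATE_LEVEL = 7          # assumed baseline: lowest acceptable update level
MAX_AV_SIGNATURE_AGE_DAYS = 3      # assumed: older antivirus signatures fail the check


@dataclass
class HealthStatement:
    """What the client reports about itself. None means the client could not report the value."""
    client: str
    update_level: Optional[int] = None
    antivirus_enabled: Optional[bool] = None
    av_signature_age_days: Optional[int] = None
    extra: dict = field(default_factory=dict)   # room for plug-in / scriptable criteria


@dataclass
class HealthCheck:
    name: str
    passes: Callable[[HealthStatement], bool]   # True when the client satisfies the criterion
    remediation: str                            # what an isolated client must do to pass


@dataclass
class Verdict:
    client: str
    healthy: bool
    failed: list = field(default_factory=list)   # (check name, remediation) pairs
    allowed_destinations: tuple = ()             # empty tuple: unrestricted


def _known(*values) -> bool:
    return all(v is not None for v in values)


BUILT_IN_CHECKS = [
    HealthCheck(
        "update_level",
        lambda s: _known(s.update_level) and s.update_level >= REQUIRED_UPDATE_LEVEL,
        "install pending security updates from the update server",
    ),
    HealthCheck(
        "antivirus",
        lambda s: _known(s.antivirus_enabled, s.av_signature_age_days)
        and s.antivirus_enabled
        and s.av_signature_age_days <= MAX_AV_SIGNATURE_AGE_DAYS,
        "enable antivirus and refresh signatures",
    ),
]

# A "scriptable" criterion: any callable over the statement can be dropped in.
# It reads an assumed key that an inventory script would populate.
firewall_check = HealthCheck(
    "host_firewall",
    lambda s: s.extra.get("firewall_enabled") is True,
    "turn on the host firewall",
)


def evaluate(statement: HealthStatement, checks=None) -> Verdict:
    """Run every check; fail closed when a value is missing or a predicate raises.

    Any failure quarantines the client: it keeps access to the remediation hosts
    only, together with the list of what it has to fix.
    """
    checks = BUILT_IN_CHECKS if checks is None else checks
    failed = []
    for check in checks:
        try:
            ok = bool(check.passes(statement))
        except Exception:   # a broken plug-in must not grant access
            ok = False
        if not ok:
            failed.append((check.name, check.remediation))
    if failed:
        return Verdict(statement.client, False, failed, REMEDIATION_HOSTS)
    return Verdict(statement.client, True)


def destination_allowed(verdict: Verdict, host: str) -> bool:
    """Enforcement point: healthy clients are unrestricted, isolated ones see only remediation."""
    return verdict.healthy or host in verdict.allowed_destinations


# Constructed sample clients (not real inventory data).
SAMPLE_CLIENTS = [
    HealthStatement("laptop-01", update_level=7, antivirus_enabled=True, av_signature_age_days=1,
                    extra={"firewall_enabled": True}),
    HealthStatement("laptop-02", update_level=5, antivirus_enabled=True, av_signature_age_days=9),
    HealthStatement("kiosk-03"),   # reports nothing: treated as unhealthy, not as unknown
]

if __name__ == "__main__":
    for client in SAMPLE_CLIENTS:
        v = evaluate(client, BUILT_IN_CHECKS + [firewall_check])
        state = "healthy" if v.healthy else "isolated"
        print(f"{v.client}: {state} {[name for name, _ in v.failed]}")
```

The design choice worth copying is the fail-closed handling: a client that reports nothing, or a plug-in that throws, is quarantined rather than waved through, and the quarantine still leaves the update and signature servers reachable so the client can fix itself and be re-evaluated.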

11 Advanced Updating: Simplify the security update process
- Lower updating costs while increasing efficiency
- Fewer installers and smaller size
- Enhanced tools for assessment and deployment
- Extended across Microsoft technologies

12 Updating: Windows 2000+ Generation
- Reduce Complexity: one update experience (Windows Update > Microsoft Update; SUS > Windows Update Services; SMS 2003)
- Reduce Size: delta updating for 30-80% smaller update packages
- Reduce Risk: better quality updates; rollback capability for all updates
- Reduce Downtime: 10-30% fewer reboots

13 Updating: Roadmap
Today: Windows Update (Windows only), AutoUpdate, Office Update, Download Center, SUS, SMS
Future: "Microsoft Update" (Windows Update extended to Windows, SQL, Exchange, Office…), Windows Update Services, SMS, VS Update

14 Authentication, Authorization & Audit: Simplify adoption of robust security management
Enable secure business scenarios
- Integrated secure single sign-on experience
- New factors of authentication
- Seamless data protection across layers

15 Authentication, Authorization and Audit: Enabling Security Critical Scenarios
- Windows IPsec integration; SSL, RPC over HTTP
- ISA Server 2004: deep Windows integration
- WPA, 802.1X, PEAP
- Single sign-on, smartcards, biometrics; provision for multiple credential types
- Rights Management Services
- Comprehensive authorization infrastructure (AD, EFS, ACLs…)

16 Enabling Customer Success: Merck & Co. Inc.
Situation:
- Exchange of sensitive data
- Regulatory compliance
- Costly courier-shipped hardcopies
Solution:
- RMS with AES-128 cryptography
- Word 2003 and Internet Explorer RMA
- Policy templates
Benefit:
- Improved confidentiality and efficiency
- Protection through the document lifecycle
- Improved clinical trials
"The Windows Rights Management Services (RMS) infrastructure… provides Merck a means to control the distribution of our mission critical information with persistent usage policies. Thereby ensuring that we maintain information relevance as well as appropriate access."
Jim King, Group Manager, CDP Technology Management, Merck & Co. Inc.

17 Engineering Excellence: Raise the bar of software security
Advance the state of the art of secure software development
- Improved development process
- New tools designed to help developers
- Guidance and training focused on secure coding

18 Quality & Engineering Excellence
- Improved Development Process: threat modeling, code inspection, penetration testing, unused features off by default, reduce attack surface area, least privilege
- Prescriptive Guidance
- Security Tools
- Training and Education
- Community Engagement
- Transparency
- Clear policy

19 Security Development Lifecycle
Requirements (Product Inception): assign resource; security plan
Design: design guidelines applied; security architecture; security design review; ship criteria agreed upon. Threat Modeling: models created; mitigations in design and functional specs
Implementation (Guidelines & Best Practices): coding standards; testing based on threat models; tool usage
Verification (Security Push): security push training; review threat models; review code; attack testing; review against new threats; meet signoff criteria
Release: Final Security Review (FSR): review threat models; penetration testing; archiving of compliance info. Security Docs & Tools: customer deliverables for secure deployment. RTM & Deployment: signoff
Response (Security Response): feedback loop into tools/processes, postmortems, SRLs

20 Continued Progress
Critical or important bulletins in the first …
TwC release?   1 Year   1.5 Years
Yes            13       24
No             42       62
Pre and Post Ship Bulletins (Service Pack 3, shipped July 2002): bulletins in prior period 8; bulletins since TwC release 2
Pre and Post Ship Bulletins (Service Pack 3, shipped Jan. 2003): bulletins in prior period 16; bulletins since TwC release 3

21 Quality & Engineering Excellence: Helping Developers Write More Secure Code
- .NET Framework 1.1: cryptographic APIs; integrated PKI
- Visual Studio .NET 2003: security tools; Web Services Enhancements
- Microsoft Security Developer Center: Writing Secure Code v2; developer webcasts

22 Responsiveness
According to Forrester's "All Days of Risk" metric, the Linux distributions took twice as much time as Microsoft to respond with a fix for customers. Forrester: "Microsoft's average of 25 days between disclosure and release of a fix was the lowest of all the platform maintainers we evaluated."
All Days of Risk (or Vendor's Days of Risk), average days between disclosure and fix:
- Microsoft: 25
- Red Hat: 57
- Debian: 57
- MandrakeSoft: 82
- SUSE: 74
Source: "Is Windows More Secure than Linux?", Forrester, March 2004.
More info: www.microsoft.com/getthefacts

23 Guidance, Tools and Response: Accelerate adoption of security best practices
Help customers through prescriptive guidance, training, partnership & policy
- Seminars, publications and guidance
- Alliances and information exchanges
- Cooperation with law enforcement

24 Guidance, Tools & Response: Delivering Support and Creating Community
Security tools:
- Microsoft Baseline Security Analyzer
- Security Bulletin Search Tool
Guidance and training:
- Security Guidance Center
- E-Learning Clinics
Community engagement:
- Newsletters
- Webcasts and chats

25 Microsoft Security: Building Trust
- Isolation and Resiliency: mitigate the risk of business interruption
- Advanced Updating: lower update costs and increase efficiency
- Authentication, Authorization and Audit: simplify adoption of security management
- Engineering Excellence: raise the bar of software security
- Guidance, Tools and Response: accelerate the adoption of best practices

26 What You Can Do
- Learn: take training, read guidance, help educate users
- Connect: participate in the community; subscribe to security newsletters
- Manage Risk: implement a security plan and risk management process
- Implement: upgrade laptops and remote systems to Windows XP SP2
- Standardize: deploy Windows Server 2003 on edge servers
- Integrate: adopt a defense-in-depth security approach

27 Resources
- General: http://www.microsoft.com/security
- XP SP2 Resources for the IT Professional: http://www.microsoft.com/technet/winxpsp2
- Security Guidance Center: http://www.microsoft.com/security/guidance
- Tools: http://www.microsoft.com/technet/Security/tools
- How Microsoft IT Secures Microsoft: http://www.microsoft.com/technet/itsolutions/msit
- E-Learning Clinics: https://www.microsoftelearning.com/security
- Events and Webcasts: http://www.microsoft.com/seminar/events/security.mspx

28 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

