|
||||||
Will the user define security policies in the future?I think, I blogged about this event already earlier: Years ago I was meeting a customer and was talking about the future of IT. I was telling the audience (about 10 people including the Security Officer) that there is a good chance that IT will not define a set of hardware anymore but that the user will buy their own and use it for business. Additionally, different people have different ... 
Get off XP or Risk your Business?One of the highest hit rates I ever had on my blog was one I wrote right before Conficker broke out. I called it Playing Russian Roulette with your Network. The background was, that we released an out of band security update and our customers came back and asked us, whether they really shall deploy it – this situation then led to Conficker. About 12 months from today, Windows XP will ... 
Security in 2013 – the way forward?Typically January is the month where we are asked to make predictions on the trends for the New Year. I do not like this as I am an engineer and not a fortune tellerJ. But there are things we know and things we definitely need to drive this year. I would actually put it into the context of typical hygiene of any IT environment. Let's try to understand, where we stand ... 
The Directory in the Cloud?It seems that it is an eternity ago – and it is. Pretty much three years ago, Doug Cavit and me published a paper called the Cloud Computing Security Considerations. Even though it is three years, the paper is still worth reading as the content still applies. What we basically said was, that if you look at the Cloud, there are five areas of Considerations: Compliance and Risk Management: Organizations shifting ... 
In the meantime I guess that most of us agreed that Consumerization of IT or Bring Your Own Device or how ever you want to call this will become a reality – probably rather sooner than later. In the meantime our team in France published a few papers/guides, which are definitely worth looking at: I . . . → Read More: Consumerization of IT I know that I keep going and going on that. When I talk to customers and mainly to providers of the critical infrastructure about security, one of the key things to me is to keep the software updated. It is about patching and it is about staying on the latest version of your software. To . . . → Read More: Keep all your software updated and current The Australian Defense Signals Directorate maintains a list of the Top 35 Mitigation Strategies against targeted intrusions. This is just a reference to the top strategies: Patch Applications Patch the Operating System Minimize the use of local admin Application whitelisting … Looking at these 35 strategies, the DSD claims that While no single strategy can . . . → Read More: Implementing the Top 4 Defense Strategies A result of a study by Kasperski lab is fairly promising – even though it shows the problem being raising up the stack: For the very first time in its history, the top 10 rating of vulnerabilities includes products from just two companies: Adobe and Oracle (Java), with seven of those 10 vulnerabilities being found . . . → Read More: Windows Security Praised A very good overview over the way we run Microsoft’s Cloud. The interesting thing is – if you look at the video – that most customers are still running their datacenters on generation 1-2, which means that the efficiency (labor as well as energy) we can deliver is significantly higher – not talking of our . . . → Read More: Video on Microsoft’s Datacenter Quite a while ago, I blogged about the File Classification Infrastructure in Windows Server 2008 R2: File Classification Infrastructure in Windows Server 2008 R2 File Classification Infrastructure:More content In my opinion, this is an interesting tool, built in to your server platform. Now, we just published a paper about how we use this File Classification . . . → Read More: How Microsoft Uses File Classification Infrastructure To me, one of the benefits of moving to the Cloud is security – obviously besides availability and costs. Recent incidents made me doubt: Amazon not only having significant downtime but in the same time losing customer data. Sony’s game network being significantly compromised. This is definitely not to blame them but I was heavily . . . → Read More: Cloud computing providers: Clueless about security? A few years ago, I wanted to run an exercise with our incident response team in Switzerland. A customer, the government and me came together to develop the goals and the scenario. One of the key question we tried to answer together with the university, which we wanted to use as observers was, whether we . . . → Read More: Mutual Authentication in Real Life–Launching a Nuclear Missile… A while ago we released the Microsoft Security Update Guide to explain how we release security updates and how you should/could work with our updates. It encompasses these themes: Get to know the security update release process Learn how to evaluate risk See how to mitigate security risks Understand how quickly you need to apply . . . → Read More: Microsoft Security Update Guide, Second Edition Do you know the feeling? You should share a large file with somebody outside your organization. The file is too big to be sent by e-mail. What can you do? Well, you might have a service by internal IT (we have one) which is not really user-friendly, hard to use and – as you do . . . → Read More: Aligning Security with the Business |
|
|||||
|
Copyright © 2013 Roger Halbheer on Security - All Rights Reserved Powered by WordPress & Atahualpa |
||||||
