Should the Government be able to enforce security updates?

This is actually an interesting question. A lot of governments enforce rules and regulations on how you have to run your car, how often you have to check it, in which condition you have to keep your tires etc. The same is true for a lot of other devices we are using. Now, it seems…

Details

We Need Solid and Strong Transparent Processes for the Cloud

This morning I was reading an article called Google seeks to assure customers on cloud security practices on ComputerWeekly. I had to read this – obviously :-). It references a paper written by the Google Security Officer called Security Whitepaper: Google Apps Messaging and Collaboration Products. So, I read through it and to me it…

Details

Hacking the Human Body

Years ago I was sitting in a healthcare event, when a researcher was talking (very excited) about the idea of having a pacemaker with Bluetooth access to fine-tune the system and read information from the sensors. Even though this might medically be a great idea, I would be fairly reluctant having such a thing in…

Details

Customer Stories: Why it is not THAT easy to move to the Cloud

Ait ss you know from my postings on Cloud and security and the paper on the Cloud Security Considerations we wrote, I am convinced that there are five areas you should look at, when you try to migrate to the Cloud: Compliance and Risk Management Identity and Access Management Service Integrity Endpoint Integrity Information Protection…

Details

Update on the Khobe “vulnerability”

Just an update on my recent post  on The “KHOBE – 8.0 earthquake” – What’s behind it. In the meantime we worked with Matousec and confirmed that neither Microsoft Security Essentials nor Forefront Client Security are affected by this “vulnerability”. So, to me it is as I stated above: Make noise but for sure not…

Details

Microsoft Security Intelligence Report – What it means for EMEA

“Unfortunately” I have been on vacation when we released the Security Intelligence Report last week. Nevertheless I would like to take the opportunity and look at it more from a EMEA perspective. One of the interesting data points we always publish is the Malware Infection Rate. Remember, there is a huge amount of data we…

Details

How to Align Work Live and Private Live

It is often talked about the “New World of Work” or sometimes it is about bringing virtual and physical organizations together – which is often called the Hybrid organization. The Hybrid organization has different aspects: People, Technology and Buildings. We are running different pilots in different offices like Amsterdam or Zurich to learn what we…

Details

A Detailed Analysis of an Attack – Do We Need an International Incident Sharing Database?

I recently came across a paper called Shadows in the Cloud, which is actually a follow-up report of Tracking GhostNet: Investigating a Cyber Espionage Network, an investigation of the attacks on the office of the Dalai Lama and some governmental bodies. The report is written by two bodies who had the privilege to investigate those…

Details

Microsoft Security Compliance Manager: Now available!

I recently blogged about the Beta version of our Security Compliance Manger, helping you to manage the security baselines in your organization. There are some screenshots in the corresponding post: Making the Management of Security Compliance Easier!

Now, we released the final version of it. It can be found here: Microsoft Security Compliance Manager

Roger