Trustworthy Computing focuses on creating and delivering secure, private, and reliable computing experiences based on sound business practices. Our goal is a safer, more trusted Internet.

The security of our customers' computers and networks is a top priority. We are committed to building software and services that help protect our customers and the industry. Our approach to security includes both technological and social aspects, and we strive to ensure that information and data are safe and confidential. Drawing on industry best practices, we make investments to increase the security of our technologies and to provide guidance and training to help minimize the impact of malicious software.

Three core elements guide the work and focus of security: Fundamentals, Threat and Vulnerability Mitigation, and Identity and Access Control.

Fundamentals

We focus on making online activities, software, and services safer. As part of Trustworthy Computing, Microsoft has trained its developers, testers, and program managers to build more secure software code, following an approach called the Security Development Lifecycle (SDL).

Another fundamental focus is enhancing the processes and tools used in updating customer software. Microsoft works hard to make the updating process more manageable by making it predictable, improving the quality of updates, and investing in effective tools and product enhancements to make it easier.

Threat and Vulnerability Mitigation

Microsoft strives to provide a comprehensive and integrated portfolio of software and technologies that suit the needs of all customers by providing the following benefits:

  • Central visibility and control of risk

  • Reduced exposure to threats through leading technologies and a defense-in-depth approach

  • Seamless integration with existing IT systems and within the security portfolio

Our approach also helps reduce an organization's exposure to attacks, through best-of-breed threat protection, detection, and removal. Data that is collected using various feedback mechanisms combined with global multi-vendor research and collaboration helps promote fast discovery of protection against new threats.

Identity and Access Control

Tackling this challenging aspect of security is another important layer of Microsoft's in-depth approach to defense. It has three parts:

  • Trustworthy Identity

  • Access Policy Management

  • Information Protection

Microsoft is focusing on innovation and integration in this area to help ensure that users are trustworthy, to help manage policy that dictates what resources each user can access, and to help protect information permanently, wherever it is stored.

Read all at http://www.microsoft.com/about/twc/en/us/security.aspx

Read my favorites blogs:

Designing a backup less Exchange 2010 Architecture

Step by step guide for upgrading Active Directory from Microsoft Windows 2003 to Microsoft Windows Server 2008

Microsoft Exchange 2010 CAS Array – Steps and Recommendations

Appear Offline in Microsoft Office Communicator Server 2007

Microsoft Exchange 2010 Test cases

Microsoft Exchange Server 2010 Disaster Recovery