Our EMEA Security Program Manager, Henk van Roest, started this series internally and with his consent I am publishing it here in my blog as I think it contains a lot of great information for you to use.


So far, in the first 4 chapters, we have addressed the usual excuses for not Managing Your IT Environment and Security Updates:

  1. Security is not worth it, nothing ever happens and if it does it will be “no big deal”
  2. I installed the Microsoft updates, but my network was still compromised
  3. OK now I understand why Security is important but no idea how I start
  4. I now know what I want to do, I just don’t know how, I need training

Here we address the need for automation, cost reduction and standardization, Microsoft has literally hundreds of tools to help management assess risk and administrators implement security updates and policies.

Security Update Management Tools: http://technet.microsoft.com/en-gb/security/cc297183.aspx#EPC

Security Update Detection Tools: http://technet.microsoft.com/en-gb/security/cc297183.aspx#EID

Security Risk Assessment Tool: http://technet.microsoft.com/en-gb/security/cc297183.aspx#EUD

Lockdown, Auditing, Intrusion Detection, Remediation Tools: http://technet.microsoft.com/en-gb/security/cc297183.aspx#E2D

Virus and Malware Protection and Removal Tools & Apps: http://technet.microsoft.com/en-gb/security/cc297183.aspx#E1E

Reduce Your Risk: 10 Security Rules To Live By

This is from 2006 but it demonstrates on a conceptual level how the technology can change but the rules remain the same.  Yet again we learn that Security is a Process, not a Product!

http://technet.microsoft.com/en-us/magazine/2006.05.reducerisk.aspx


Henk and Roger