Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - lets share interesting security information

Browse by Tags

Related Posts
  • Blog Post: Ten Immutable Laws Of Security (Version 2.0)

    You might have known the 10 Immutable Laws Of Security since quite a while. It is kind of the “collected non-technical wisdom” of what we see in security respeonse being it in Microsoft Security Response Center or in our Security Product Support. There is now a version 2, which is still as important...
  • Blog Post: Conclusion on UNODC: Open Ended Expert Group on Cybercrime

    I told you that I will attend the UNODC: Open Ended Expert Group on Cybercrime , which is now slowly coming to an end. Let me draw a few conclusions on the meeting. It was not the first UN meeting I attended and – depending on the audience – the discussion can easily result an long political debates...
  • Blog Post: What is More Important to You? Privacy or Safety?

    I want to start upfront: I do not want to take a position here. I have an opinion as a person in my cultural context but I understand that this opinion is by far not the only one which is right or wrong. This morning I read this article: FBI Drive for Encryption Backdoors Is Déjà Vu for Security Experts...
  • Blog Post: Data Governance in the Cloud

    If you look at current discussions between cloud providers and customers, I see it too often that the customer leaves with the impression that the Cloud fixes all their problems. In fact – it does not. Too often I see the Cloud provider telling the customer that they should not care about security anymore...
  • Blog Post: Who cares where your data is?

    Wow, I guess the reason for you clicking on the link is this statement – right? Well, “unfortunately” I cannot claim ownership of it. It was made by a Google representative during an interview in Australia: Google: Who cares where your data is? To me, the whole Cloud discussion sometimes drives into...
  • Blog Post: Are You Focused On The Wrong Security Risks?

    There is an good article on CIO Central: Are You Focused On The Wrong Security Risks? An interesting discussion and I part agree that we have to challenge the way we look at the security risks. I would even broaden the questions he raises. When I talk about industry trends, which impact your risk landscape...
  • Blog Post: Stuxnet talks – do we listen?

    Stuxnet is a severe threat – that’s something we know for sure. But if we look at it – what do we really know? What can we learn? Let’s start from the beginning. As soon as Stuxnet hit the news, it was interesting to see, what was happening. There was a ton of speculation out there about the source and...
  • Blog Post: Mutual Authentication in Real Life–Launching a Nuclear Missile…

    A few years ago, I wanted to run an exercise with our incident response team in Switzerland. A customer, the government and me came together to develop the goals and the scenario. One of the key question we tried to answer together with the university, which we wanted to use as observers was, whether...
  • Blog Post: 10 of the Top Data Breaches of the Decade

    You might have read that I ranted a little bit about the iPad data breach: Who needs a (vulnerable) iPad if you can get an nPad? and some people pushed back – which I can understand. So, to put it into perspective, I read this article this morning on the worst data breaches of the decade. An interesting...
  • Blog Post: How Microsoft Uses File Classification Infrastructure

    Quite a while ago, I blogged about the File Classification Infrastructure in Windows Server 2008 R2: File Classification Infrastructure in Windows Server 2008 R2 File Classification Infrastructure:More content In my opinion, this is an interesting tool, built in to your server platform. Now, we just...
  • Blog Post: Blocking Social Media Sites–a False Sense of Security?

    I blogged often about it: Blocking certain websites today can fire back in different ways. The CIO published an article called Workarounds: 5 Ways Employees Try to Access Restricted Sites – and they say: "Some workarounds can be dangerous because they might create a channel that data can flow out...
  • Blog Post: Customer Experience Study: Security Improves in the Cloud

    Last week, when I was in South Africa, a partner of us pointed me to a very interesting paper by KPMG called Cloud computing: Australian lessons and experiences . What I like is, that a lot of the items I was recently raising, where actually reflected in quotes by customers of Cloud providers as well...
  • Blog Post: Mature your IT and then move to the Cloud

    Today, I had the opportunity to talk to a group of partners on Cloud and security. The goal was to make them ready for the Cloud and make them ready to answer the customer’s questions. One block – obviously – was about security and as I look at it (and as I said), this starts with the customer's processes...