TechNet
Products
IT Resources
Downloads
Training
Support
Products
Windows
Windows Server
System Center
Internet Explorer
Office
Office 365
Exchange Server
SQL Server
SharePoint Products
Lync
See all products »
Resources
Curah! curation service
Evaluation Center
Learning Resources
Microsoft Tech Companion App
Microsoft Technical Communities
Microsoft Virtual Academy
Script Center
Server and Tools Blogs
TechNet Blogs
TechNet Flash Newsletter
TechNet Gallery
TechNet Library
TechNet Magazine
TechNet Subscriptions
TechNet Video
TechNet Wiki
Windows Sysinternals
Virtual Labs
Solutions
Networking
Cloud and Datacenter
Security
Virtualization
Updates
Service Packs
Security Bulletins
Microsoft Update
Trials
Windows Server 2012 R2
System Center 2012 R2
Microsoft SQL Server 2012 SP1
Windows 8.1 Enterprise
See all trials »
Related Sites
Microsoft Download Center
TechNet Evaluation Center
Drivers
Compatability & Converters
Windows Sysinternals
TechNet Gallery
Training
Training Catalog
Class Locator
Microsoft Virtual Academy
Free Windows Server 2012 courses
Free Windows 8 courses
SQL Server training
e-Learning overview
Certifications
Certification overview
MCSA: Windows 8
Windows Server Certification (MCSE)
Private Cloud Certification (MCSE)
SQL Server Certification (MCSE)
Other resources
TechNet Events
Second shot for certification
Born To Learn blog
Find technical communities in your area
Support by product
Exchange Server
Forefront Server
Forefront Edge Security
Forefront Server Security
Internet Explorer
Office
SharePoint
SQL Server
System Center
Windows Server
Windows XP
Windows Vista
Windows 7
Windows 8
Other support links
Microsoft Premier Online
Microsoft Fix It Center
TechNet Forums
MSDN Forums
Security Bulletins & Advisories
International support solutions
Log a support ticket
Look up event IDs and error codes
Not an IT pro?
Microsoft Customer Support
Microsoft Community Forums
Sign in
Roger's Security Blog
As Chief Security Advisor of Microsoft EMEA - lets share interesting security information
Tags
Advisory
Anti-Malware
Applications
Architecture
Associations
Behaviour
Blog
botnet
Browsing
Chief Security Advisor
Children
Cloud
Cloud Computing
Collaboration
Competition
Compliance
Consumer
cost
Crime
Critical Infrastructure
Critical Infrastructure Protection
cybercrime
Cybersecurity Agenda
Data Protection
Development Lifecycle
Ecosystem
encryption
Event
Events/Training
Family
Freedom of Speech
Fun
Gaming
Government
Hacking
Home
Identity
Identity Theft
Incident Response
Incident Sharing
Incidents
Industry
Industry Associations
Internet Explorer
Interoperability
Law Enforcement
Legislation
Lifecycle
malware
Mass Mailer
Messaging
Microsoft
Microsoft products
Mindset
Mobile
Network
NGO
Online Safety
OpenSource
Passwrods
patch management
People
Phone
Piracy
Policies
Policy
Policy Makers
politics
Privacy
Processes
Products
protection
Real Life
risk assessment
risk management
Securing My Infrastructure
Security
Security Intelligence Report
Security Updates
Social Engineering
social media
Strategy
support
TechEd EMEA
TechEd-ITForum
Technology
Teens
Terrorism
trends
Trip
Trust
Trustworthy Computing
UN
University
Updates
Vulnerabilities
Windows
Windows Phone
worm
XBOX
Browse by Tags
TechNet Blogs
»
Roger's Security Blog
»
All Tags
»
policies
Related Posts
Blog Post:
Ten Immutable Laws Of Security (Version 2.0)
rhalbheer
You might have known the 10 Immutable Laws Of Security since quite a while. It is kind of the “collected non-technical wisdom” of what we see in security respeonse being it in Microsoft Security Response Center or in our Security Product Support. There is now a version 2, which is still as important...
on
16 Jun 2011
Blog Post:
Who cares where your data is?
rhalbheer
Wow, I guess the reason for you clicking on the link is this statement – right? Well, “unfortunately” I cannot claim ownership of it. It was made by a Google representative during an interview in Australia: Google: Who cares where your data is? To me, the whole Cloud discussion sometimes drives into...
on
10 Jun 2011
Blog Post:
How Microsoft Uses File Classification Infrastructure
rhalbheer
Quite a while ago, I blogged about the File Classification Infrastructure in Windows Server 2008 R2: File Classification Infrastructure in Windows Server 2008 R2 File Classification Infrastructure:More content In my opinion, this is an interesting tool, built in to your server platform. Now, we just...
on
8 Jun 2011
Blog Post:
Mutual Authentication in Real Life–Launching a Nuclear Missile…
rhalbheer
A few years ago, I wanted to run an exercise with our incident response team in Switzerland. A customer, the government and me came together to develop the goals and the scenario. One of the key question we tried to answer together with the university, which we wanted to use as observers was, whether...
on
30 Mar 2011
Blog Post:
Are You Focused On The Wrong Security Risks?
rhalbheer
There is an good article on CIO Central: Are You Focused On The Wrong Security Risks? An interesting discussion and I part agree that we have to challenge the way we look at the security risks. I would even broaden the questions he raises. When I talk about industry trends, which impact your risk landscape...
on
28 Jan 2011
Blog Post:
Conclusion on UNODC: Open Ended Expert Group on Cybercrime
rhalbheer
I told you that I will attend the UNODC: Open Ended Expert Group on Cybercrime , which is now slowly coming to an end. Let me draw a few conclusions on the meeting. It was not the first UN meeting I attended and – depending on the audience – the discussion can easily result an long political debates...
on
20 Jan 2011
Blog Post:
Stuxnet talks – do we listen?
rhalbheer
Stuxnet is a severe threat – that’s something we know for sure. But if we look at it – what do we really know? What can we learn? Let’s start from the beginning. As soon as Stuxnet hit the news, it was interesting to see, what was happening. There was a ton of speculation out there about the source and...
on
12 Oct 2010
Blog Post:
What is More Important to You? Privacy or Safety?
rhalbheer
I want to start upfront: I do not want to take a position here. I have an opinion as a person in my cultural context but I understand that this opinion is by far not the only one which is right or wrong. This morning I read this article: FBI Drive for Encryption Backdoors Is Déjà Vu for Security Experts...
on
29 Sep 2010
Blog Post:
Customer Experience Study: Security Improves in the Cloud
rhalbheer
Last week, when I was in South Africa, a partner of us pointed me to a very interesting paper by KPMG called Cloud computing: Australian lessons and experiences . What I like is, that a lot of the items I was recently raising, where actually reflected in quotes by customers of Cloud providers as well...
on
28 Sep 2010
Blog Post:
Data Governance in the Cloud
rhalbheer
If you look at current discussions between cloud providers and customers, I see it too often that the customer leaves with the impression that the Cloud fixes all their problems. In fact – it does not. Too often I see the Cloud provider telling the customer that they should not care about security anymore...
on
15 Sep 2010
Blog Post:
Blocking Social Media Sites–a False Sense of Security?
rhalbheer
I blogged often about it: Blocking certain websites today can fire back in different ways. The CIO published an article called Workarounds: 5 Ways Employees Try to Access Restricted Sites – and they say: "Some workarounds can be dangerous because they might create a channel that data can flow out...
on
14 Aug 2010
Blog Post:
Mature your IT and then move to the Cloud
rhalbheer
Today, I had the opportunity to talk to a group of partners on Cloud and security. The goal was to make them ready for the Cloud and make them ready to answer the customer’s questions. One block – obviously – was about security and as I look at it (and as I said), this starts with the customer's processes...
on
23 Jun 2010
Blog Post:
10 of the Top Data Breaches of the Decade
rhalbheer
You might have read that I ranted a little bit about the iPad data breach: Who needs a (vulnerable) iPad if you can get an nPad? and some people pushed back – which I can understand. So, to put it into perspective, I read this article this morning on the worst data breaches of the decade. An interesting...
on
18 Jun 2010