Microsoft Security Blog

The official Microsoft blog for discussing industry and Microsoft security topics.

September, 2013

  • Examining Korea’s Rollercoaster Threat Landscape

    The last time I wrote about the threat landscape in the Republic of Korea, its malware infection rate had increased six-fold in the first six months of 2012. Korea has had one of the most active threat landscapes in the world for many years. According to the latest data published in the Microsoft Security Intelligence Report Volume 14, the last half of 2012 was no different. Figure 1 provides the raw number of systems that were disinfected in Korea and other relatively active locations in each of the four quarters of 2012.  Read more

  • Financial Services: A Survey of the State of Secure Application Development Processes

    The financial services industry is one of the world’s largest industries by monetary value, and an industry which has a direct impact on the lives of billions of people around the world. Organizations in the financial services industry handle trillions of transactions each year involving sensitive information about individuals, companies, and other third parties. To help protect this sensitive information it is important that financial services organizations are developing, procuring, and using software applications that have been developed with security in mind.

    Microsoft commissioned an independent research and consultancy firm, The Edison Group, to examine the current state of application development in the financial services sector from a security perspective. Their report – Microsoft Security Development Lifecycle Adoption: Why and How – is available today.
    The paper was developed following in-depth interviews with Chief Security Officers and senior executives representing some of the leading banks and financial services companies in the United States. Some highlights from the paper..  Read more

  • CISO Perspectives on Compliance in the Cloud

    Regulatory compliance is a hot topic among many of the customers I talk to. Of particular interest is compliance as it relates to the cloud. It is a challenging topic and there are many regulations that Chief Information Security Officers (CISOs) need to be aware of and adhere to and these can vary significantly by industry and location.

    Today Trustworthy Computing is releasing an executive level article providing insight on the challenges, success factors and potential solutions of compliance from CISOs representing some of the world’s largest organizations. Our aim is to share and highlight some of the key things that other CISOs and information and security risk specialists might want to consider in relation to the topic of compliance.  Read more

  • CISO Perspectives on Risk

    Many of the Chief Information Security Officers (CISOs) and security executives that I talk to tell me that they are always craving information. It always seems as though while some parts of their job responsibilities are under control, they think that other areas need more of their attention or could be more efficiently managed.  Since they typically have limited time, limited information and limited resources, they look for sources of information that are tailored for their specific needs, making the information easy to consume and highly valuable.  One such source of information for security executives is… other security executives. Most, if not all of the CISOs that I talk to, rely on other security executives in the industry to provide insights into topics they are interested in.  When they can get valuable information and advice on an important topic from someone doing a similar job in another organization, they typically are willing to listen and engage.  Read more