Get on-the-go access to the latest insights featured on our Trustworthy Computing blogs.
Are you an Information Technology (IT) Professional or developer looking for a resource to stay up to date with Microsoft security? If so, I strongly encourage you to check out our Microsoft Security Newsletter. This monthly newsletter delivered to your inbox in either HTML or Plain Text covers a wide range of Microsoft security topics from leading experts including...
We are bringing together the best and brightest security professionals at the second annual Security Development Conference, May 14-15, 2013 at the InterContinental San Francisco Hotel. Join us as we spend two days immersed in content covering the latest in security development techniques and processes that can reduce risk and help protect organizations in this rapidly evolving technology landscape.
This article in our free security tools series focuses on the benefits of the Microsoft Assessment and Planning Toolkit. If you are an IT Professional then you know platform migrations can be a daunting task. Depending on your organization’s size, complexity and maturity, simply understanding your organization’s IT state and migration potential can take hours, days and sometimes even months. To help ease the migration process, Microsoft has created the Microsoft Assessment and Planning (MAP) Toolkit. The MAP Toolkit is a powerful inventory, assessment and reporting tool that can securely assess IT environments for various platform migrations. The toolkit is designed to run in any organization regardless of size and is effective at helping to accelerate PC, server, database and cloud migration planning across heterogeneous environments. It also provides tailored assessment proposals and recommendations, and helps gain efficiencies through multiple technology migration assessments with a single tool.
One location I haven’t written about in the past is Pakistan. This is one region where the malware infection rate increased substantially when we changed the method we use to locate systems reporting malware infections (as seen in Figure 1). Prior to 2011, the Microsoft Malware Protection Center used the administrator-specified setting under the Location tab or menu in Region and Language in the Windows Control Panel to determine the location of a system reporting an infection. Starting in volume 11 of the Microsoft Security Intelligence Report, location was primarily determined by geolocation of the IP address used by the computer submitting the telemetry data. If you are interested in the details, you can read all about this change in an article we published previously: Determining the Geolocation of Systems Infected with Malware.
This article in our free security tools series focuses on the benefits of the URLScan Security Tool. Attackers often use websites to conduct phishing attacks or distribute malware. According to the Microsoft Security Intelligence Report Volume 13, there were 4.4 phishing sites per 1,000 Internet hosts worldwide in the second quarter of 2012 (2Q12) alone. Malicious websites typically appear to be completely legitimate and often provide no outward indicators of their malicious nature, even to experienced computer users. In many cases, these sites are legitimate websites that have been compromised by malware, SQL injection, or other techniques in an effort by attackers to take advantage of the trust users have in them.
This article in our compliance series looks at how the Microsoft Security Development Lifecycle (SDL) helps organizations meet compliance requirements under the financial sector’s Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS).
PCI DSS is an industry-accepted information security standard authored and approved by the PCI Security Standards Council (PCI SSC). It applies to organizations operating within the United States that handle cardholder information for the major debit, credit, pre-paid, e-purse, Automated Telling Machine (ATM) and Point of Sale (POS) cards. The standard was created to increase controls around cardholder data to help reduce credit card fraud.
I have written about the threat landscape in Korea a few times in the past as it has been one of the most active threat landscapes in the world for some time:
Data from the Microsoft Security Intelligence Report volume 13 indicates that Korea’s malware infection rate (Computers Cleaned per Mille or CCM) increased 6.3 times during the first half of 2012. During this period the number of systems cleaned per 1,000 systems scanned by the Microsoft Malicious Software Removal Tool (MSRT) in Korea increased from 11.1 in the fourth quarter of 2011 (4Q11) to 70.4 in the second quarter (2Q12) of 2012. At the end of the first half of 2012 Korea had the highest malware infection rate ever published in the Microsoft Security Intelligence Report, ten times the worldwide average infection rate.
This article in our free security tools series focuses on the benefits of the Microsoft Security Compliance Manager tool (SCM). One of the most important tools for managing and securing Windows environments is Group Policy. Group Policy is often used in enterprise environments to help control what users can and cannot do on a computer system. IT Professionals typically leverage Group Policy for a number of reasons but one of its primary benefits is to help manage security for groups of systems and reduce support costs. While the value of Group Policy is clear, maximizing its potential can sometimes be a daunting task. To help ease the management process for Group Policy, Microsoft released a free tool called the Microsoft Security Compliance Manager (SCM).
This article in our compliance series looks at how the Microsoft Security Development Lifecycle (SDL) helps organizations meet compliance requirements under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.
HIPAA is legislation which affects organizations operating in the United States who provide health insurance coverage for workers and their families. The Act also defines policies, procedures and guidelines for protecting the privacy and security of individually identifiable health information through a series of rules. One of these rules is the Security Rule which deals specifically with standards for the handling and storage of Electronic Protected Health Information (EPHI).