A lot of governments all across the globe are working on starting, restarting or pushing their Cybersecurity initiative. What often concerns me is, that the last real headline has more impact on the strategy and the themes to be addressed than a structure or a plan or a strategy.

This made us thinking about what is needed to run a successful Cybersecurity Agenda within a country? What themes ought to be addressed and in which form.

We came up with a fairly simple model:

To explain the model, we just published two papers about it:

• Cybersecurity white paper abstract – a one pager with a high-level description
• Cybersecurity: More than a good headline – a few more pages going deeper into the discussion of the different subjects.

In parallel we are working on a book about this, giving much more examples and background – so stay tuned.

The only thing I really know: When I do a presentation explaining Cybersecurity and at the end show the slide above, governments love it. Typically they approach me asking for the deck – if they are not politically correct they tell me that they just want to get this slide.

Comments are very welcome. If you need/want further information, get in touch with me. Happy to help

Roger

If you are a regular reader of my blog, you should know the Security Compliance Manager (if you are not, you should become a regular reader of my blog ).

Version 2 of the Microsoft Security Compliance Manager (SCM 2) is now available for download. If you do not know it, this is the way our Solution Accelerator team promotes it:

Security Compliance Manager 2 is a free tool from the Microsoft Solution Accelerators team that enables you to quickly configure and manage your computers, traditional datacenter, and private cloud using Group Policy and Microsoft^® System Center Configuration Manager.

SCM 2 provides ready-to-deploy policies and DCM configuration packs that are tested and fully supported. Our product baselines are based on Microsoft Security Guide recommendations and industry best practices, allowing you to manage configuration drift, address compliance requirements, and reduce security threats.

Easily configure Windows® operating systems, Microsoft® Office applications, and Internet Explorer with industry leading knowledge and fully supported tools.

Take advantage of SCM 2 to import the configuration of a “golden master” reference machine or existing Group Policy. Compare your standards to industry best practices, customize them using rich knowledge, and seamlessly create new policies and DCM configuration packs in the user-friendly UI designed to work with System Center Configuration Manager 2007 R2.

Key Features Include:

Gold master support: Import and take advantage of your existing Group Policy or create a snapshot of a reference machine to kick-start your project!

Configure stand-alone machines: Deploy your configurations to non-domain joined computers using the new GPO Pack feature!

Updated security guides: Take advantage of the deep security expertise and best practices in the updated security guides, and the attack surface reference workbooks to help reduce the security risks that you consider to be the most important!

Compare against industry best practices: Analyze your configurations against prebuilt baselines for the latest Windows client and server operating systems!

This is how it looks like:

and

It is really worth looking at.

For you, this is what you should do:

• Download SCM 2.
• Help spread the word: tell your friends about Security Compliance Manager 2.
• Thoughts? Favorite features? Feedback? Tell it to the dev team.

Want more information on a specific feature? Interested in speaking with the development team? Please contact Venkat Ganti.

Roger

The Enhanced Mitigation Experience Toolkit  is definitely not new but I recently realized that not too many people know about it – and they should. EMET helps you to raise your shields against zero-days and any exploit in the wild. I do not say that it is a silver bullet but it is definitely going into this direction – a little bit.

You can find all the necessary information on EMET here:

• That’s the article on our support website: The Enhanced Mitigation Experience Toolkit
• Here a TechNet blog post: New version of EMET is now available
• To download EMET v 2.1
• And a BlueHat session

Before you start, please make sure that you have the Bitlocker recovery key ready (you are running Bitlocker, don’t you?) or that you suspend Bitlocker for the time of the configuration as EMET might change your Data Execution Prevention settings, which change your bootloader, which invalidates the Bitlocker signature, which needs to be proven.

I always love to strengthen my policies and see when something breaks and how. I started to use it and it actually provides you a fairly straight-forward interface with what is running and in which state:

You can then configure your applications and define on which level you want them to be protected. It might then happen that this pops up:

I wont tell you which application it was but I was a little bit scared…

Anyway, if you did not use it yet, I think you should!

Roger

I know, that’s the second time now I am doing this comparison thingy and I promise that I will stop again and deliver you a cool tool as the next post but I read this article: Why I’ve finally had it with my Linux server and I’m moving back to Windows – be sure that you read the comments. To me they are more interesting than the article itself
Roger

Well, I have to admit – I am biased. I never used an iPhone in my life and based on my experience with my iPod, I hope I never have to, but who knows. I really do not like the UI which – to me – is everything but user friendly and the worst thing with iPhone is iTunes. Whenever iTunes starts to download podcasts and similar things the performance of my notebook just drops significantly – and it is not that slow generally.

When my parents recently wanted to buy a smartphone, they asked me… I told them fairly simple: “It is your choice but I cannot give you any support on an iPhone as I do not know it”. I guess, it is kind of blackmailing but that’s life . So, they bought a Windows Phone 7 and guess what – they love it but they are under constant pressure by their friends… And then recently a person (owning an iPhone) said: “It is actually fairly simple: If you just want to do simple and easy stuff, iPhone is the right device. If it gets sophisticated, you need a Windows Phone 7” – and I did not even offer this guy a bottle of wine, I probably should have.

The reason for this blog is an article I started to read called Windows Phone 7.5 vs. iOS 5 – you should read it. He kind of stumbles across the same issues as I do with my iPod (and btw, he seems to be an experienced iWhatever user):

But it's not really the performance that bothers me with iOS 5, and as noted previously I'm sure the iPhone 4S will clear those issues up nicely. It's the usage model. Apple's mobile OS, like its desktop OS, is inscrutable. It presents a grid of icons, none of which can offer more than the dumbest heads-up that something has happened: A little red "2" on the Mail icon suggests you have two unread emails, for example, but that's all you get.

On Windows Phone, yes, we have these dumb little overlays too. And yes, the Mail tile will indeed display a little "2" when you have two unread emails. But other tiles are more descriptive, "alive with information" as Microsoft says. The Calendar tile has the title and time of your next appointment, so you can check that information without diving into the app. Third party weather apps actually display the weather forecast, so, again, you don't have to actually tap anything to find out what's happening. All across the Windows Phone ecosystem, these more intelligent apps provide you with information right from the Start screen, no navigation required.

Before that, he was actually looking at Apple’s business model (emphasis is by me):

On the 3GS, it's also dog slow, a situation that will obviously not be the case on the iPhone 4S, which has dramatically faster innards. You tap and then wait, and just when you start to doubt you tapped anything, whatever it is you tapped finally launches. It's not a good experience, and one suspects that's completely by design. Apple, after all, has mastered the quickie obsolescence/upgrade model better than any company.

Back to the user interface:

I've used photo viewing as a canonical example of why the Windows Phone usage model--which thinks and works the way you do, not vice versa--is superior to that of the iPhone and iOS. And that's as true today as it was a year ago. If you want to view photos in iOS, you--yes, you, the user--needs to think first where those photos may reside. Are they in the Photos app? Are they in the Facebook app? Are they in the MobileMe Gallery app? The App Store for iOS, after all, is just bursting with apps. It's the platform's single biggest selling point, as you know.

In Windows Phone, you just visit the Pictures hub. Here, all of your photos are brought together in one place, whether they're on the phone (taken with the camera or otherwise saved to the device), on Windows Live (where your camera photos can be automatically backed up, albeit in versions for sharing, not full-sized originals), on Facebook, or on Twitter. Third party photo apps also integrate into the Pictures hub, so while you could do the iOS-style "think, then search for the app" thing, you don't have to: They're all in one place.

To be fair, he has quite some nice words for iPhone as well:

Where iOS really excels, of course, is with the devices on which it runs. Apple is, at heart, a mobile devices company, and its iPhone, iPod touch, iPad, and Mac laptop product lines are all highly rated and desirable. I don't have my iPhone 4S yet, but aside from a concern about the too-small screen, which makes the virtual keyboard hard to use, and the lack of an all-new design, there's little to genuinely criticize there. The current crop of Windows Phones, which date back a year, are getting long in the tooth.

Looking forward to Nokia…

And the last statement I love:

In the end, iOS 5 is the safe choice, the one you recommend to less experienced users. But it is Windows Phone that occupies the innovation seat that Apple once commanded, back in 2007. If you're looking for the best aesthetics, the best efficiency, and the best software design, Windows Phone is where it's at. And that's something I suspect Apple's most ardent fans will have difficulty understanding. But look beyond your favorite platform for a moment and you will discover that the outside world is in some ways moving along faster than is Apple. And that what brought you to Apple in the first place is happening elsewhere.

Ah, yes you have more apps in the marketplace on iPhone – I know. But I usually challenge people to give me one single app I really want to use (not the stuff I delete after the second use), which I do not have on Windows Phone 7. There is one (1) – it is called “Peak Finder Alps” and that’s it so far. I know that I am not the ultimate representative sample...

When are you going to get your Windows Phone 7?

Roger