Presentation is loading. Please wait.

Presentation is loading. Please wait.

In the attack index…what number is your Company?

Published byDarrell Wright Modified over 5 years ago

Similar presentations

Presentation on theme: "In the attack index…what number is your Company?"— Presentation transcript:

1 In the attack index…what number is your Company?

2 Microsoft Secures Microsoft with Microsoft An Overview
Justin Nelson | Office of CIO | Microsoft Corporation | 27th February 2006

3 Agenda The Microsoft Landscape Managing Risk What does IT cost?
Strategies, Tactics, Solutions

4 Microsoft IT Environment
111K+ server accounts 1.9 Tb Db Single Instance SAP 334K+ PCs and devices Dublin Redmond Tukwila Tokyo SVC 3M+ internal messages per day 10M+ s from the Internet per day 9M+ rejected as spam 99.99% availability Singapore 106K+ end users 98 countries 441 buildings 9.5M+ remote connections per month

5 Enterprise Risk Model Unacceptable Risk Impact to Business
5 Enterprise Risk Model High Unacceptable Risk Risk assessment drives to acceptable risk (Defined by Business Owner) Impact to Business Acceptable Risk Low Low Probability of Exploit (Defined by Corporate Security) High

6 Microsoft IT Spend Breakdown
FY05 Breakdown Cost Element View People 72% Data & Voice 16% Hardware 5% Facilities 5% Software 2% Software 5% (adjusted to include estimate if MS software were included) Functional View Applications 60% App Development (29%) App Support (31%) Infrastructure 40% Network (14%) Data Center (7%) Employee Services (5%) Voice (5%) Helpdesk (5%) Security (3%) Employee Services = monitoring/Tier 2 (2%), messaging (1%), software deployment (1%), collaboration (0.5%), data protection (0.5%)

7 Microsoft CISO Concerns
Regulatory compliance Mobility of data Unauthorized access to data Malicious software Supporting an evolving client

8 Key Strategies and Tactics
Assessment of risk Identification of potential threats Mitigate risk through five key strategies Secure the Network Identity & Access Management IP and Data Protection Enhanced Auditing & Monitoring Awareness

9 Key Strategies and Tactics
Secure the Network Identity & Access Management IP and Data Protection Enhanced Auditing & Monitoring Awareness Secure Extranet and Partner Connections Secure Remote Access Network Segmentation Network Intrusion Detection Systems Hardening the Wireless Network Strong Passwords Public Key Infrastructure: Certificate Services Hygiene and Trustworthy Messaging Least Privileged Access Managed Source Code Security Development Lifecycle - IT Securing Mobile Devices Automated Vulnerability Scans Combating Malware Security Event Collection Information Security Policies Training and Communications For More Information

10 In summary The Microsoft Landscape Risk Management approach Budgeting
Strategies, Tactics, Securing Microsoft with Microsoft For More Information

11 For More Information Additional content about Microsoft IT deployments and best practices can be found on Microsoft TechNet Microsoft Case Study Resources IT Showcase

12 © 2005 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Download ppt "In the attack index…what number is your Company?"

Similar presentations

Incident Response Managing Security at Microsoft Published: April 2004.

Incident Response Managing Security at Microsoft Published: April 2004.
Security Controls – What Works

Security Controls – What Works
Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia

Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Challenges in the Enterprise Sunjeev Pandey Sr. Director - GTS Microsoft IT.

Challenges in the Enterprise Sunjeev Pandey Sr. Director - GTS Microsoft IT.
Windows XP Professional Deployment and Support Microsoft IT Shares Its Experiences Published: May 2002 (Revised October 2004)

Windows XP Professional Deployment and Support Microsoft IT Shares Its Experiences Published: May 2002 (Revised October 2004)
Smart Card Deployment David Gautrey IT Manager – Microsoft New Zealaand Microsoft Corporation.

Smart Card Deployment David Gautrey IT Manager – Microsoft New Zealaand Microsoft Corporation.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
© 2004-2014. Centrify Corporation. All Rights Reserved. Unified Identity Management across Data Center, Cloud and Mobile.

© Centrify Corporation. All Rights Reserved. Unified Identity Management across Data Center, Cloud and Mobile.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Telenet for Business Mobile & Security? Brice Mees Security Services Operations Manager.

Telenet for Business Mobile & Security? Brice Mees Security Services Operations Manager.
Partnering For Profitability Growing your business with Microsoft Forefront Security Solutions Mark Hassall Director Security & Access BG Microsoft Corporation.

Partnering For Profitability Growing your business with Microsoft Forefront Security Solutions Mark Hassall Director Security & Access BG Microsoft Corporation.
Enterprise Computing Community June 13 - 15, 2010February 27, 2010 1 Information Security Industry View Linda Betz IBM Director IT Policy and Information.

Enterprise Computing Community June , 2010February 27, Information Security Industry View Linda Betz IBM Director IT Policy and Information.
1. Windows Vista Enterprise And Mid-Market User Scenarios 2. Customer Profiling And Segmentation Tools 3. Windows Vista Business Value And Infrastructure.

1. Windows Vista Enterprise And Mid-Market User Scenarios 2. Customer Profiling And Segmentation Tools 3. Windows Vista Business Value And Infrastructure.
Brad Allen Windows Client Technical Specialist Microsoft Corporation.

Brad Allen Windows Client Technical Specialist Microsoft Corporation.
Deploying PKI Inside Microsoft The experience of Microsoft in deploying its own corporate PKI Published: December 2003.

Deploying PKI Inside Microsoft The experience of Microsoft in deploying its own corporate PKI Published: December 2003.
Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.

Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
Deploying SharePoint Products and Technologies for Enterprise Collaboration Microsoft IT group’s Centrally Hosted Collaboration Solution.

Deploying SharePoint Products and Technologies for Enterprise Collaboration Microsoft IT group’s Centrally Hosted Collaboration Solution.

Similar presentations

Ads by Google