This post is authored by Ann Johnson, Vice President, Enterprise Cybersecurity Group. I was in the midst of composing this blog on diversity in cybersecurity when a Fortune article on Women in Cybersecurity found its way to my LinkedIn feed. It was promoted to me by a man I know and respect. As I reflected on the content of this piece in the context of my post, a key detail … Read more »
In recent years, governments’ concerns about cybersecurity, data protection, and other information and communications technology (ICT) related issues have led to new policies, legislation, and regulation. In response, the ICT industry has consistently called for laws and rules that focus on outcomes and on principles, rather than on processes and prescriptions. This call has become so ubiquitous, however, that there is a danger it has become a hollow form of … Read more »
Recently, I hosted a Chief Information Security Officer roundtable in Washington, DC. Executives from several US government agencies and systems integrators attended to share cloud security concerns and challenges, such as balancing collaboration and productivity against data protection needs, cyber threat detection, and compliance.
This blog post was authored by Andrej Budja, Frank Brinkmann, Heath Aubin, Jon Sabberton and Jörg Finkeisen from the Cybersecurity Protection Team, part of the Enterprise Cybersecurity Group. The security landscape has changed. Attackers often know more about the target network and all the ways they can compromise an organization than the targeted organization itself. As John Lambert writes in his blog, “Defenders think in lists. Attackers think in graphs. … Read more »
This blog is authored by Avi Sagiv, Principal Program Manager, Windows Defender ATP. Security is top of mind for all our customers. At Microsoft, we’re building a platform that looks holistically across all the critical end-points of today’s cloud and mobile world. Our platform investments across identity, applications, data, devices, and infrastructure take a comprehensive approach that is inclusive of the technologies our customers are using. As we continue to invest … Read more »
This post is authored by Andrew Marshall, Principal Security Program Manager, Security Engineering. For well over a decade, Microsoft has been committed to designing, developing, and testing software in a secure and trustworthy manner and sharing the Security Development Lifecycle (SDL) methodology and resources with the software development community. We are continuing to make investments into the evolution of the SDL and resources we provide to enable the ecosystem to adapt … Read more »
This post is authored by Ann Johnson, Vice-President, Enterprise Cybersecurity Group. As noted in the 2016 Verizon Data Breach Incident Report, 63% of confirmed breaches involved leveraging weak, default or stolen passwords, 30% of phishing messages were opened in 2015, and 12% of targets clicked on the malicious attachment or link. Given this, organizations of all types can make significant gains in their security posture by educating their user base on … Read more »