CTO-Cybersecurity Forum-Angela McKay

Post on 19-Jan-2015

TRANSCRIPT

1. Trust, Security, and Resiliency
Empowering the Information Society
Angela McKay
Senior Security Strategist Lead
Global Security Strategy and Diplomacy Trustworthy Computing

2. Understanding the Cyber Threat
Challenges
Many malicious actors
Similar techniques
Many motives
Shared integrated domain
Consequences hard to predict
Worst case scenarios alarming
Attribution

3. Cyber Threat Categories & Solutions
Economic Espionage
Cybercrime
Cyber Warfare
Military Espionage
www.microsoft.com/download
Rethinking the Cyber Threat by Scott Charney

4. Trust
Trust in the Info Society
Reputation
Establishment: Mechanisms to uniquely identify, authenticate, and establish trust
Revocation: Mechanisms for revoking claims
Identity
Minimal Disclosure: Mechanisms to limit information revealed to only what is essential for the transaction
Broker-mediated Disclosure: Mechanisms enabling trusted 3rd-parties to minimize data shared
Privacy

5. Trust
Enabling Interoperability
Microsoft has released portions of the U-Prove technology to the open source community, customers, developers and the industry, in order to gather feedback. The following are available now:
Two specifications published under the Microsoft Open Specification Promise, making the technology and guidance available to a broad audience of commercial and open source developers
Open source software developer kits in C# and Java, available under the Berkeley Software Distribution license
A Community Technology Preview of U-Prove, providing integration with Active Directory Federation Services 2.0, Windows Identity Foundation and Windows CardSpace v2

6. Security
Exploit Economics

7. Security
Decreasing Attacker ROI
The Microsoft Security Development Lifecycle - Simplified
www.microsoft.com/security/sdl

8. Resiliency
Responding with Agility and Expertise
Alert and Mobilize
Assess and Stabilize
Watch
Resolve
Provide information and tools to restore normal operations
9. Appropriate solution is provided to customers, such as a security update, tool or fix
10. Conduct internal process reviews and gather lessons learned
11. Assess the situation and the technical information available
12. Start working on solution
13. Communicate initial guidance and workarounds to customers, partners and press
14. Notify and inform field support
15. Convene and evaluate severity
16. Mobilize security response teams and support groups into two main groups:
17. Emergency Engineering Team
18. Emergency Communications Team
19. Monitor customer support and press
20. Observe environment to detect any potential issues
21. Leverage existing relationships with:
22. Partners
23. Security researchers and finders
24. Monitor customer requests and press inquiries
www.microsoft.com/msrc

25. Resiliency
Partnering for Resilience
Media
Emergency Responders
Government
Private Sector & NGOs

26. Resiliency
Microsoft Programs
Training - Security Cooperation Program (SCP)
Rapid Response Communications
SCPCert
Defensive Security Information
Defensive Information Sharing Program (DISP)
Policy Guidance
Critical Infrastructure Partner Program
www.microsoft.com/industry/publicsector/government/programs/default.mspx

27. Trust, security, and resiliency are challenges that must continually be addressed to move forward in the information society.
The public and private sector should collaborate to:
Build better mechanisms for making informed trust decisions and improving identity
28. Increase the costs for cyber attackers
29. Build more collaborative security relationships to mitigate risk
Calls To Action

30. © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.