CSS Security. Progress, Innovation and Services. 2007 Bulletin Volume to CSS Dropped. Why less? Quality of security update and TESTING Quality of security bulletin. 52% Decline. Region View. Security Vulnerability Tracker. Successful Events with CSS Sec.
CSS Security Progress, Innovation and Services
2007 Bulletin Volume to CSS Dropped
Why less?
• Quality of security update and TESTING
• Quality of security bulletin
52% Decline

Successful Events with CSS Sec
• Europol Cybercrime event (Dublin, Jan 14-17)
• NPA Cybercrime Workshop (Tokyo, Dec 6-7)
• CNCert Government Workshop, Shanghai Oct 23-25

Introduction of Chinese Language Vulnerability Reporting Channel
Vulnerability Reporting from China Security Experts CSSSEC China Incident Response Team Qualified vulnerability reporting to MSRC
• A local reporting channel for efficient communication
• A filter to improve vulnerability reporting quality
• A local communication channel to build relationships with China security experts

Security/ Patch Analyst Monthly Security Bulletins Program Manager Centralized Call Center Security Specialists GCR SGC Portal Security Guidance Center Framework APGC CS Team
• Leverage Siebel data and establish customer profile;
• Monthly call out customer to confirm patch installation;
• Collect customer feedback on SGC;
SGC Operation Team Owned by Security Core Team APGC CSS Security Team
• Work Scope:
• SGC internal portal development and maintenance
• Monthly security patch installation management
• Monthly business review
• EPG customers management and internal/external communication
• Work Scope:
• Monthly security bulletins readiness
• Security helpdesk: question on security patches installation and testing. Average less than 15 mins per customer call.

CSS Security Services and Training
• Providing security and training offerings for Premier customers worldwide
• 27 current official offerings
• Law Enforcement focused offerings available
• Expanding coverage as resources allow
• Not all training available in all regions
• Available in a variety of formats:
• Training / workshops / roundtable discussions
• Cost is taken from Premier contract hours
• LCA has (limited) Premier contract for LE workshops
• Travel and Expenses requested from customers
• CSS Security is uniquely positioned to utilize our talent and worldwide presence

Security Information for Financial Organizations (SIFO)
• Partnership with worldwide financial organizations
• Create a more strategic relationship for information sharing and communication
• Fits into our existing MSRA programs
• Building strong alliances to protect the ecosystem
• Microsoft standard NDA required

What MS Shares with Members
Finance Org
• Share vulnerability info
• Drill Planning – Ensure Readiness
• Escalated channel for support
• Monthly Newsletter and Conference Calls
• Speaker Series
• Training and Workshops ($)

What Members Share with MS
Finance Org
• Samples of threats in their business
• phishing, viruses, malware
• Share suspect new vulnerabilities
• Monthly report sent on key security incidents & threats
• Coverage on region and sector specific threats

Call to Action
• Provide viable candidates from your region
• Looking to pilot with 5-10 worldwide financial institutions May 1st
• Any candidate that has had pain points around targeted attacks and security vulnerabilities is a top priority
• Focus on those in need of a stronger relationship with Microsoft

Major Events and Security Needs
• Today:
• Scattered approach which randomizes and burns out various Microsoft staff trying to be heroes for a good cause
• Most often not run as true projects with timelines, deliverables, and accepted risks
• Often falls short of goal of identifying and eliminating or mitigating likely security scenarios

Major Events and Security Needs
• Tomorrow:
• Seasoned, Microsoft team approach with TwC, MSRC, Services, Product Teams, CSS, Account Teams
• Infrastructure Review with Risk and Vuln Assessments delivered in timely fashion
• Emergency Response Plans as deliverable

Questions? dahnah@microsoft.com

Most Deliverables Available in All Regions
• Defense in Depth
• Enterprise Security Management
• History of Malware
• Forefront Workshops (Product Intro)
• Patch Management
• Security Crisis Management
• Security Health Check
APAC APAC EMEA EMEA China China Korea Japan Americas