Simple Rules To Stop Bad Guys

Hi, RockyH here, I was browsing for IT security news from the hotel this evening and came across this gem: That’s it. Of course there is no information about who to email, and why should there be. If they can’t figure out how to tell the difference between malicious traffic and real traffic other…


Video Series: ACE Security Consultants from the Field

Kicking off our video series, ‘ACE Security Consultants from the Field,’ Talhah Mir from Microsoft Information Security, talks to two passionate individuals about security. Watch the podcast, “ACE from the Field: Carric ‘DEFCON Goon’ Dooley,” as Carric Dooley, Senior Security Consultant from Microsoft ACE Team, talks about his broad security experience including pen testing (on non-Microsoft…


Blog Series: Get Familiar with the SDL-LOB (Security Development Lifecycle for Line-Of-Business Applications) Process

Hello, Anmol Malhotra here. I’m a Senior Security Engineer with ACE Team, a part of Microsoft IT Information Security group. I’d like to introduce you to the Security Development Lifecycle for Line-of-Business Applications (SDL-LOB) process.  As part of our continued commitment towards sharing security processes and recommendations with our customers, we’re excited to announce the…


TechNet Webcast: Configuring with Least Privilege in SQL Server 2008 (Level 300)

TechNet Webcast: Configuring with Least Privilege in SQL Server 2008 (Level 300)
Tuesday, June 02, 2009 8:00 AM Pacific Time (US & Canada)
Presenter: Varun Sharma, Security Engineer, Microsoft Corporation
Overview: With SQL injection attacks on the rise, it is imperative to configure Microsoft SQL Server with least privilege. In this webcast, we…


TechNet Webcast: Fundamentals of Third-Party Security Management (Level 300)

TechNet Webcast: Fundamentals of Third-Party Security Management (Level 300)
Monday, June 01, 2009 10:00 AM Pacific Time (US & Canada)
Presenter: Gerard Morisseau, Senior Program Manager, Microsoft Corporation
Overview: In this webcast, learn the fundamentals for building a vendor security management program that provides reasonable assurance that third parties who are hosting and managing…


Infrastructure Security Design Review

Hello Everyone! My name is Shawn Rabourn and I am a Senior Security Consultant with ACE (Assessment, Consulting and Engineering) Services, a part of Microsoft IT’s Information Security (InfoSec) group. Sounds like a mouthful, I know. Really, that is just my title. I have a unique position within Microsoft where I can offer Security Guidance to…


ACE Infrastructure Security Services: An Overview

This is Rob Cooper, Senior Engineer for ACE Infrastructure (also known internally as ICE for you William Gibson fans). Thanks to Irfan Chaudhry, Director of the ACE Team, for giving us a good overview and history of ACE and how ACE’s role has expanded over the years. I’m with ACE Infrastructure (also known as ICE)….


Security as a Service: A Balancing Act

When I first joined Microsoft IT, I was intrigued by the concept of offering security assessment as an optional service to the business.  I was even more surprised to see how enthusiastically the business had embraced the concept.  You see, like many security professionals, I came from an organization where information security was widely perceived…


About ACE’s Information Security Assessment Service – Your Friendly Neighborhood Security Auditor

This is Gerard Morisseau, Senior Program Manager for ACE’s Information Security Assessment Services (ISAS).  ISAS offers several security assessment services aimed at helping Microsoft IT and the business assess their information security risks, improve controls environment, and strengthen their information security management systems.  Our most popular services include Information Security Risk Assessment, Controls Assessment Training…


Shrinking Budgets: Application Security Tools vs Process Tradeoff

An all too familiar scene repeated itself two weeks ago. My good friend & CISO of a mid-sized technology company, let’s call him Alok, went into a budget planning meeting and came out as a shadow of his former self. To be more precise, an 85% version of the Alok that I know. He had…