Reducing Operational Risk through Business Continuity Management

Hi all, I’m Tom Easthope, Sr. Program Manager on the Enterprise Business Continuity team at Microsoft. This blog entry is a companion to the video featuring my colleagues Phil Sodoma and Traci Bishop. In their video they talked about the several aspects of our business continuity program at Microsoft. The goal of any Business Continuity…

0

InfoSec A&P Suite – How to Use the Tools

InfoSec recently released their Assessment & Protection (A&P) Suite. To get the details of this suite, you can check out my last blog. Anil Revuru (RV) from the IST (Information Security Tools) team in his recent blog discusses how Web Protection Library v1.0 (WPL) Security Runtime Engine (SRE) has been significantly updated. RV walks you…

0

InfoSec Assessment & Protection (A&P) Suite Released

The Information Security Tools (IST) team has released the InfoSec Assessment & Protection (A&P) Suite. The suite is made up of a technology stack of protection and assessment tools.  Anil Revuru (RV) and Mark Curphey in their recent podcast, “Assessment and Protection Suite” introduce what’s in store for the future for the A&P Suite. The…

0

Dogfooding: How Microsoft IT Information Security Dogfoods

Hi Mark Smith here.  I’m a senior program manager on the Microsoft Information Security.  I’m kicking off our blog series providing you a glimpse into how Microsoft’s IT Information Security (InfoSec) dogfoods.  When launching a new product naturally there’s a concern about how a product will perform. Ever wonder about Information Security’s role in dogfooding…

0

How to Integrate Risk Tracker with Internal HR Feeds

I’ve been discussing the Risk Tracker v1.0 application built on the CISF (Connected Information Security Framework) developed by our own team, Microsoft Information Security Tools (IST) team.  Organizations who would like to deploy Risk Tracker in their own environments, Vineet Batta, senior software developer on Microsoft’s IST team, shares how in his blog, “How to…

0

Risk Tracker v1.0 Release

Recently I shared with you the release of the CISF (Connected Information Security Framework) and Risk Tracker version 1.0 application developed by the Microsoft Information Security Tools (IST) team.  Risk Tracker built on CISF framework will help organizations manage, track and report on risks.  Vineet Batta, Senior Software Developer from Microsoft’s IST team, in his…

0

Anti-XSS Library v3.1 Released!

The Microsoft Information Security Tools (IST) team has released the latest Microsoft Anti-Cross Site Scripting (Anti-XSS) Library version 3.1. How does a cross-site scripting (XSS) vulnerability occur? An example is when a web application does not encode the output that is sent to the browser, this can make the site susceptible XSS attacks as well…

2

Announcing the Connected Information Security Framework (CISF) and Risk Tracker

I’m excited to announce the release of the Connected Information Security Framework (CISF) developed by our own Microsoft Information Security Tools (IST) team. This software development framework comprises of API’s and reusable components that is designed to create bespoke or custom information security and risk management solutions. Built on the Microsoft core technology stack including…

0

Awareness – Part 3: Learning & Optimizing from Experience

In my last 2 posts on Information Security Awareness, I provided a little overview of the program and then discussed our framework around socializing security. I’d like to now discuss some of the things we’ve learned from driving awareness over the years and how we’re looking to optimize our awareness programs. There are 5 key…

0

Awareness – Part 2: Socializing Security

In my last post on Awareness, I discussed an overview of our Awareness program and how we break up our initiative into breadth campaigns and depth programs to cover both the generic and the specific. In this post, I’d like to discuss a little bit about the framework we use to build our messaging for…

0