InfoSec A&P Suite – How to Use the Tools

InfoSec recently released their Assessment & Protection (A&P) Suite. To get the details of this suite, you can check out my last blog. Anil Revuru (RV) from the IST (Information Security Tools) team in his recent blog discusses how Web Protection Library v1.0 (WPL) Security Runtime Engine (SRE) has been significantly updated. RV walks you…

InfoSec Assessment & Protection (A&P) Suite Released

The Information Security Tools (IST) team has released the InfoSec Assessment & Protection (A&P) Suite. The suite is made up of a technology stack of protection and assessment tools. Anil Revuru (RV) and Mark Curphey, in their recent podcast, “Assessment and Protection Suite”, introduce what’s in store for the future for the A&P Suite. The…

Dogfooding: How Microsoft IT Information Security Dogfoods

Hi, Mark Smith here. I’m a senior program manager on the Microsoft Information Security. I’m kicking off our blog series providing you a glimpse into how Microsoft’s IT Information Security (InfoSec) dogfoods. When launching a new product, naturally there’s a concern about how a product will perform. Ever wonder about Information Security’s role in dogfooding…

How to Integrate Risk Tracker with Internal HR Feeds

I’ve been discussing the Risk Tracker v1.0 application built on the CISF (Connected Information Security Framework) developed by our own team, the Microsoft Information Security Tools (IST) team. For organizations who would like to deploy Risk Tracker in their own environments, Vineet Batta, senior software developer on Microsoft’s IST team, shares how in his blog, “How to…

Risk Tracker v1.0 Release

Recently I shared with you the release of the CISF (Connected Information Security Framework) and Risk Tracker version 1.0 application developed by the Microsoft Information Security Tools (IST) team. Risk Tracker, built on the CISF framework, will help organizations manage, track and report on risks. Vineet Batta, Senior Software Developer from Microsoft’s IST team, in his…

Anti-XSS Library v3.1 Released!

The Microsoft Information Security Tools (IST) team has released the latest Microsoft Anti-Cross Site Scripting (Anti-XSS) Library version 3.1. How does a cross-site scripting (XSS) vulnerability occur? An example is when a web application does not encode the output that is sent to the browser; this can make the site susceptible to XSS attacks as well…

Announcing the Connected Information Security Framework (CISF) and Risk Tracker

I’m excited to announce the release of the Connected Information Security Framework (CISF) developed by our own Microsoft Information Security Tools (IST) team. This software development framework comprises APIs and reusable components that are designed to create bespoke or custom information security and risk management solutions. Built on the Microsoft core technology stack including…

Awareness – Part 3: Learning & Optimizing from Experience

In my last 2 posts on Information Security Awareness, I provided a little overview of the program and then discussed our framework around socializing security. I’d like to now discuss some of the things we’ve learned from driving awareness over the years and how we’re looking to optimize our awareness programs. There are 5 key…

Awareness – Part 2: Socializing Security

In my last post on Awareness, I discussed an overview of our Awareness program and how we break up our initiative into breadth campaigns and depth programs to cover both the generic and the specific. In this post, I’d like to discuss a little bit about the framework we use to build our messaging for…

Awareness – Part 1: Empowering the People

It’s well understood that security is a 3-pronged problem covering people, process and technology. Any solution devised to manage a given information security risk must effectively harmonize the people, the processes and the technologies to optimize the risk response. One of the things that I find interesting is that no matter how sophisticated and robust…
