Showing posts with label Security. Show all posts

Friday, November 9, 2012

Microsoft Security Intelligence Report

The latest edition of the Microsoft Security Intelligence Report is out.

Volume 13 of the Microsoft® Security Intelligence Report (SIRv13) provides in-depth perspectives on software vulnerabilities and exploits, malicious code threats, and potentially unwanted software in Microsoft and third-party software. Microsoft developed these perspectives based on detailed trend analyses over the past several years, with a focus on the first half of 2012.

HTML/JavaScript continues to top the list when it comes to being a platform for exploits.

You can download the full detailed report here:

http://www.microsoft.com/en-us/download/details.aspx?id=34955

Friday, March 2, 2012

Security Development Conference


EVOLVING FROM PRINCIPLES TO PRACTICES

Industry and government decision makers are increasingly aware that operational security protections and regulatory compliance are insufficient in protecting global applications and infrastructures. Organizations are realizing the value of Security Development Lifecycle (SDL) practices and seek to accelerate adoption and articulate this value to management.

The inaugural Security Development Conference 2012 (SDC 2012) will bring together industry professionals to network and learn from security experts about Security Development Lifecycle (SDL) practices. SDC 2012 will include information for leaders in software engineering, process and business management who are responsible for accelerating the adoption and effectiveness of SDL practices in their organizations.

https://www.securitydevelopmentconference.com/main.aspx

Monday, January 16, 2012

Cloud Security Alliance Summit at RSA 2012

Cloud Security

Summit Agenda

Keynote: “Solving Cloud Access Complexity Through a Broker Model”

The recommended cloud security stack, standards, and operating frameworks have rapidly evolved into a set of production quality best practices for the Enterprise to use to engage each cloud provider. However, as scale is applied, managing 1-n cloud relationships and services across hybrid environments points to a brokered or intermediary model to solve security complexity, aggregate services, & add new value. Intel will present how a Cloud Access Layer & CSA standards managed by IT, Integrators or Provider “brokers” can solve complexity for user and application service interactions with the cloud.

Keynote: “Securing an OpenStack Cloud”

Panel: “Cloud Innovation - The Panel's View on the Next Generation of Cloud Security Devices and Services”

This panel will give attendees insight into next generation cloud security devices and services. This panel will feature experts who will examine the next iteration of innovation in Cloud Security and how these devices and services advance the industry.

Panel: “National and International Security Standards - The Viability of Cross-Jurisdictional Solutions”

Today’s security standards are based on historical, legacy information technologies and don’t necessarily address cloud computing environments in an effective manner. Attempts to update them are an improvement, but will we be able to create a single (or limited) number of standards that will be viable across borders and jurisdictions? This panel discussion will cover the current standards, their applicability and a look into the future of cloud computing standards.

https://cloudsecurityalliance.org/events/csa-summit-rsa-2012/

Wednesday, January 11, 2012

Privacy Principles from Microsoft

Privacy Principles

Microsoft recently released its privacy principles, on which it bases the privacy protections in its software products and Internet services.

Here they are at a high level:

  • Accountability in handling personal information within Microsoft and with vendors and partners
  • Notice to individuals about how we collect, use, retain, and disclose their personal information
  • Collection of personal information from individuals only for the purposes identified in the privacy notice we provide
  • Choice and Consent for individuals regarding how we collect, use, and disclose their personal information
  • Use and Retention of personal information in accordance with the privacy notice and the consent that individuals have provided
  • Disclosure or Onward Transfer of personal information to vendors and partners only for purposes that are identified in the privacy notice, and in a security-enhanced manner
  • Quality Assurance steps to ensure that personal information in our records is accurate and relevant to the purposes for which it was collected
  • Access for individuals who want to inquire about and, when appropriate, review and update their personal information in our possession
  • Enhanced Security of personal information to help protect against unauthorized access and use
  • Monitoring and Enforcement of compliance with our privacy policies, both internally and with our vendors and partners, along with established processes to address inquiries, complaints, and disputes

Loughborough University’s study on ‘Privacy Impact Assessments’ is an important work in this field.


Microsoft on Privacy

PIA Study

Wednesday, December 14, 2011

Free eBook: Claims-Based Identity and Access Control

Here is an interesting free eBook released by Microsoft’s patterns & practices team which covers the topic of claims-based identity in detail.

With ever-increasing mobility scenarios and focus on user experience, the need for single sign-on (SSO) also increases.

It starts by discussing the basics of claims-based identity and moves on to claims-based architectures.

It also discusses the topic in the context of various Microsoft technologies, mainly the cloud and Windows Azure.

The following industry standards are also discussed:

  • Security Assertion Markup Language (SAML)
  • Security Association Management Protocol (SAMP) and Internet Security Association and Key Management Protocol (ISAKMP)
  • WS-Federation
  • WS-Federation: Passive Requestor Profile
  • WS-Security
  • WS-SecureConversation
  • WS-Trust

Download the eBook