Access "Microsoft's internal auditor discusses the company's IT security outlook"
Scott Charney is a man on the move. Since his appointment last April as Microsoft's "chief security strategist," he's logged more than 185,000 miles crisscrossing the country advocating better software security. If we don't do security well, people will migrate away from us. And if we don't do security right, they should. Scott Charney, chief security strategistMicrosoft, Inc. While Charney spends a lot of time on the road, his unit--the Security Strategies Group--is charged with being the internal security auditor for Microsoft's Trustworthy Computing effort. "In an organization of 55,000 people, it's not enough to put your finger in the dam. You have to fix the dam," says Charney. Charney's team of eight acts as part internal auditor that checks code development, part SWAT team that helps business units implement security plans and part evangelist preaching the virtues of better security. "My goal is how to figure to make our products, services and infrastructures more secure," he says. The Security Strategies Group is the only unit empowered to impose the... Access >>>
Premium Content for Free.
Microsoft security improving, while Trustworthy security lacks effort
by Lawrence M. Walsh
Microsoft is making significant strides to clean up its security mess, but Trustworthy Computing still has a long way to go.
Microsoft's internal auditor discusses the company's IT security outlook
Scott Charney is Microsoft's internal auditor, see what he and his team control.
NetIQ's five-point security architecture
Even with expanded support and agents, NetIQ's SIM product remains a Windows-centric solution.
- Microsoft security improving, while Trustworthy security lacks effort by Lawrence M. Walsh
Microsoft Security Response Center revamps its patch processes
Microsoft Security Response Center revamps its advisory and patch processes.
Profile: Symantec CEO John Thompson
Symantec's CEO breaks business and cultural barriers in his drive to build a security superpower.
How to address enterprise IT security concerns with executives
Five tips to win friends and influence C-level execs in your organization.
- Microsoft Security Response Center revamps its patch processes
Next-generation security awareness training
by Andrew Briney
Put your posters and buttons away. A more effective solution is at your fingertips.
Hacking in 2003: Examining this year's hacking techniques
A look at the foibles, follies and felons of infosec in 2003.
Using HoneyD configurations to build honeypot systems
by Marcus J. Ranum, Contributor
Spoofing, diversion and obfuscation are all part of honeyd's powerful arsenal.
Detecting a Linux server hack
by Jay Beale, Contributor
Learn how to detect if your Linux server have been hacked or compromised.
Tips and tricks for IDS deployment best practices
by Jack Danahy, Contributor
Intrusion detection remains an over-hyped technology because most companies have no idea what to do with it.
- Next-generation security awareness training by Andrew Briney
More Premium Content Accessible For Free
Cloud and mobility in the enterprise has caused a heightened need for organizations to take a closer look at next generation authentication ...
Virtualization and cloud computing are part and parcel of enterprise networks today. Virtualization security, however, is still a bolt-on affair ...
Mobile device security is one of the biggest nightmares InfoSec pros face in the era of bring your own everything (BYOE). Simply banning employees ...