Security Management Strategies for the CIOAccess "Ping: Karen Worstell"
This article is part of the July 2005 issue of Why business managers are a breed of security professional
As Karen Worstell decoded her final encryption exam, it became clear to the then-biology/chemistry student that her true calling was information security. Nearly 20 years later, the recently appointed Microsoft CISO is charged not only with securing what is arguably the biggest target on the Internet, but also with ensuring Microsoft's products meet high security standards. How do you keep Microsoft and its internal architecture secure? The thing that's cool about security is that it's such a complicated problem, and it touches every single part of IT. We use some very standard approaches that anyone would recognize—we have a defense-in-depth strategy. We run a pretty much perimeterless environment that's very focused on security at the host and application layers, as opposed to security out in the network. You also have a role in product quality control. What security checks do Microsoft products have to pass? Our product group has a security team that checks with its own security design lifecycles. Then, the product moves to the IT department in beta form.... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
Linux's Best Friend
Thanks to YUM, Linux updates are as reliable as Old Yeller.
-
Corrent's SR110 SSL VPN Web Security Gateway
Read about Corrent's SR110 SSL VPN Web Security Gateway with Check Point Connectra 2.0.
-
Intrusion Detection: Tripwire's Enterprise 5.0
by Scott Sidel, Contributor
June 2005 review of Tripwire's Enterprise 5.0
-
The Business Case for Network Security: Advocacy, Governance and ROI
Read a review of the book: The Business Case for Network Security: Advocacy, Governance and ROI.
-
Amazing Access
Finding a comprehensive identity and access management architecture requires leadership to navigate the technology and implementation labyrinth.
-
All Aboard!
To gain buy-in and support for your security policies, it's best to start at the top.
-
Linux's Best Friend
-
-
Hot Pick: NetContinuum's NC-1000 Application Security Gateway 4.3
NetContinuum's NC-1000 Application Security Gateway v4.3
-
nCircle's IP360 Vulnerability Management System product review
Product review of nCircle's IP360 Vulnerability Management System pricing, setup, configuration, assessment, and installation feature information.
-
Recent Releases: Security product briefs, July 2005
Read about the security products released in July 2005.
-
Meet the New Champions
CIGNA makes business managers responsible for security.
-
Mission Impossible
Seven ways to leverage your infrastructure against spyware.
-
Hot Pick: NetContinuum's NC-1000 Application Security Gateway 4.3
-
Columns
-
Layer 8: When security is a losing battle
Realistic Expectations
-
Publisher's Note: Security goals
How important is malware defense in the minds of security professionals? You may be surprised by our 2005 Security Priorities survey.
-
Ping: Karen Worstell
Karen Worstell
-
Perspectives: Lessons learned in BS 7799 certification
Bank of Montreal shares seven lessons learned as it achieved BS 7799 certification.
-
Layer 8: When security is a losing battle
More Premium Content Accessible For Free
Unlock new pathways to network security architecture
E-Zine
Network security architecture is showing its age at many organizations. With new technology, different data types, and use of multi-generations of ...
Emerging threat detection techniques and products
E-Handbook
Advanced persistent threat (APT) has been a used and abused term in the security industry, but security experts say targeted attacks are a growing ...
The rapid evolution of MDM solutions
E-Zine
Mobile device management (MDM) continues to grow at a feverish pace, both in terms of adoption and mobile security features. BYOD policies, and the ...