
CTO-Cybersecurity Forum-Angela McKay



  1. Trust, Security, and Resiliency
     Empowering the Information Society
     Angela McKay
     Senior Security Strategist Lead
     Global Security Strategy and Diplomacy Trustworthy Computing
  2. Understanding the Cyber Threat
     Challenges:
     • Many malicious actors
     • Similar techniques
     • Many motives
     • Shared integrated domain
     • Consequences hard to predict
     • Worst case scenarios alarming
     • Attribution
  3. Cyber Threat Categories & Solutions
     • Economic Espionage
     • Cybercrime
     • Cyber Warfare
     • Military Espionage
     the Cyber Threat by Scott Charney
  4. Trust: Trust in the Info Society
     • Reputation
     • Establishment: Mechanisms to uniquely identify, authenticate, and establish trust
     • Revocation: Mechanisms for revoking claims
     • Identity
     • Minimal Disclosure: Mechanisms to limit information revealed to only what is essential for the transaction
     • Broker-mediated Disclosure: Mechanisms enabling trusted 3rd-parties to minimize data shared
     • Privacy
  5. Trust: Enabling Interoperability
     Microsoft has released portions of the U-Prove technology to the open source community, customers, developers and the industry, in order to gather feedback. The following are available now:
     • Two specifications published under the Microsoft Open Specification Promise, making the technology and guidance available to a broad audience of commercial and open source developers
     • Open source software developer kits in C# and Java, available under the Berkeley Software Distribution license
     • A Community Technology Preview of U-Prove, providing integration with Active Directory Federation Services 2.0, Windows Identity Foundation and Windows CardSpace v2
  6. Security: Exploit Economics
  7. Security: Decreasing Attacker ROI
     The Microsoft Security Development Lifecycle - Simplified
  8. Resiliency: Responding with Agility and Expertise
     Phases: Alert and Mobilize, Assess and Stabilize, Watch, Resolve
     • Provide information and tools to restore normal operations
     • Appropriate solution is provided to customers, such as a security update, tool or fix
     • Conduct internal process reviews and gather lessons learned
     • Assess the situation and the technical information available
     • Start working on solution
     • Communicate initial guidance and workarounds to customers, partners and press
     • Notify and inform field support
     • Convene and evaluate severity
     • Mobilize security response teams and support groups into two main groups:
       • Emergency Engineering Team
       • Emergency Communications Team
     • Monitor customer support and press
     • Observe environment to detect any potential issues
     • Leverage existing relationships with:
       • Partners
       • Security researchers and finders
     • Monitor customer requests and press inquiries
  9. Resiliency: Partnering for Resilience
     • Media
     • Emergency Responders
     • Government
     • Private Sector & NGOs
  10. Resiliency: Microsoft Programs
     • Training - Security Cooperation Program (SCP)
     • Rapid Response Communications - SCPCert
     • Defensive Security Information - Defensive Information Sharing Program (DISP)
     • Policy Guidance - Critical Infrastructure Partner Program
  11. Calls To Action
     Trust, security, and resiliency are challenges that must continually be addressed to move forward in the information society.
     The public and private sector should collaborate to:
     • Build better mechanisms for making informed trust decisions and improving identity
     • Increase the costs for cyber attackers
     • Build more collaborative security relationships to mitigate risk
  12. © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
     The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.