security program

Microsoft releases new security APIs

Fri, 01 Feb 2008 06:59:56 -0500

Windows Vista SP1 and Windows XP SP3 might almost be upon us but that doesn't mean that Microsoft doesn't have a few surprises up its sleeve with regard to the service packs. To wit, the company has announced that new security-related APIs will be made available with the service packs, making it easier for developers to plug into the Data Execution Prevention (DEP) technology that's built-into Windows. DEP is designed to prevent certain types of exploits, like common buffer overflow attacks, by blocking the attack code from being executed in a machine's memory. With the new APIs, it should be easier for developers to take advantage of DEP protection in the applications that they build. "We can now allow the application to be protected, even if the developer is using an old version of [Active Template Library]," said Michael Howard, principal security program manager at Microsoft. "DEP is a good defense, and we want to make it easier for developers to use it."

For more on the new APIs:
- see this ComputerWorld article

ChoicePoint's security turnaround

Mon, 28 May 2007 20:01:37 -0400

ChoicePoint's CIO Darryl Lemecha knows a thing or two about security problems. Three years ago, a thief fraudulently obtained access to the company's customer information and ChoicePoint has since been doing all it can to recover from the debacle, including a complete overhaul of its security program. Since the incident, the company has been slapped with a fine of $15 million by the FTC--$10 million in civil penalties and $5 million for an FTC-administered fund to help consumers. As part of his security overhaul, Lemecha instituted a set of corporate governance principles others can follow: get everyone involved, continuously train, set expectations, actively audit and monitor, and be transparent in your actions.

Read about Lemecha's security turnaround in his own words:
- see this article in Optimize Magazine

No more Mr. Nice Guy

Mon, 05 Feb 2007 19:01:39 -0500

Sometimes, it pays to say no. A new study from Microsoft has found that allowing users to buy what they want and use their PCs the way they want can cost a company big bucks. The study found, for example, that simple across-the-board rules like automating password resets, managing PC firewalls with a centralized and comprehensive security program, ensuring that users install only software sanctioned by the IT department and limiting the PC settings users can change manually can save companies a significant amount of money. The study, of course, encouraged companies to use Microsoft technologies but it really comes down to common sense. Give people the ability to use technology, but don't let them run amok.

Read more about standardizing IT use in the workplace:
- read the blog at CIO

Windows exec makes a unique Vista security claim

Sun, 12 Nov 2006 19:01:38 -0500

Whether it's just a marketing ploy or not, the fact that Windows co-President Jim Allchin lets his son work on a PC free of any anti-virus software is a statement that you can't ignore. As Allchin explains, he's so confident that Vista is secure that he doesn't think any other security program is necessary. Yet, as one security expert notes, the fact that his son is in elementary school and the machine is locked down with parental control features is somewhat of a unique situation. Security analysts say Vista requires anti-virus software as typical users are downloading files on a pretty regular basis.

For more on Allchin's Vista security claim:
- check out this item at InformationWeek

Related Articles:
Big concerns over Vista security features. Report
Ballmer's take on Vista's market impact. Report
Microsoft to security vendors: Hands off my kernel. Report

How Cisco protects its own networks

Sun, 13 Aug 2006 20:01:38 -0400

Most of us aren't too concerned about how vendors are dealing with the same security issues hitting today's enterprises, yet since some of those same vendors push out products that feature risk issues now and then, it can be enlightening to learn how they're protecting their own networks and systems. That's the insight provided by Cisco's CSO John Stewart in an interview given this week. As Stewart says, his company has seen a surge in attacks on its networks, with a specific goal of knocking its electronic-commerce service using denial-of-service attacks near the end of each financial quarter. That's just one of the reasons it's got a multi-pronged security program running at full speed these days.

For more on how Cisco is boosting its own network security:
- read the interview at NetworkWorld

How T-Mobile is revamping its tech security

Wed, 07 Jun 2006 20:01:37 -0400

Following last year's highly-publicized data and network breaches, wireless vendor and telcom provider T-Mobile took action to ensure that it would never happen again. The vendor mapped out a a new asset protection division at the heartbeat of a new revamped security program in which all security issues and solutions now fall under a security leader. It's going to take about three years to pull together, but T-Mobile tech leaders are confident they're taking the right approach and that the internal business reorganization effort around tech security will provide the deep defense required against today's hackers.

For more on T-Mobile's revamped tech security efforts:
- read this article at CSO Online

SPOTLIGHT: Analysts' take on Microsoft security

Sun, 12 Feb 2006 19:01:33 -0500

You knew once Microsoft released the fact that it was planning to go head-to-head with security vendors, courtesy of its new OneCare security program, that industry analysts would swarm; and they have. Find out what they think of the pricing approach and why most are lukewarm about Microsoft's foray into the marketplace. Article