CSS Security. Progress, Innovation and Services. 2007 Bulletin Volume to CSS Dropped. Why less? Quality of security update and TESTING Quality of security bulletin. 52% Decline. Region View. Security Vulnerability Tracker. Successful Events with CSS Sec.
Why less?
Quality of security update and TESTING
Quality of security bulletin
52% Decline
| | US | EMEA | Japan | Korea | APAC | Gr China | Total |
|---|---|---|---|---|---|---|---|
| Cases | 13183 | 7825 | 3319 | 61 | 566 | 511 | 25469 |
| % cases | 51.8% | 30.7% | 13.0% | 0.2% | 2.2% | 2.0% | |
| Labor (hours) | 13118 | 4280 | 3532 | 85 | 625 | 371 | 22010 |
| % labor | 59.6% | 19.4% | 16.0% | 0.4% | 2.8% | 1.7% | |
| Cost (USD) | $1,723,667 | $621,432 | $425,919 | $11,059 | $81,757 | $18,012 | $2,881,846 |
| % cost | 59.8% | 21.6% | 14.8% | 0.4% | 2.8% | 0.6% | |
Europol Cybercrime event (Dublin, Jan 14-17)
NPA Cybercrime Workshop (Tokyo, Dec 6-7)
CNCert Government Workshop, Shanghai Oct 23-25
Introduction of Chinese Language Vulnerability Reporting Channel
Vulnerability Reporting from China Security Experts
CSSSEC China Incident Response Team
Qualified vulnerability reporting to MSRC
A local reporting channel for efficient communication
A filter to improve vulnerability reporting quality
A local communication channel to build relationships with China security experts
Centralized Call Center
Monthly Security Bulletins
Security/Patch Analyst
GCR SGC Portal
Security Specialists
Program Manager
Work Scope:
•Monthly security bulletins readiness
•Security helpdesk: questions on security patch installation and testing. Average less than 15 mins per customer call.
SGC Operation Team
Owned by Security Core Team
Work Scope:
•SGC internal portal development and maintenance
•Monthly security patch installation management
•Monthly business review
•EPG customers management and internal/external communication
APGC CSS Security Team
APGC CS Team
•Leverage Siebel data and establish customer profile
•Monthly call out to customers to confirm patch installation
•Collect customer feedback on SGC
Providing security and training offerings for Premier customers worldwide
27 current official offerings
Law Enforcement focused offerings available
Expanding coverage as resources allow
Not all training available in all regions
Available in a variety of formats: Training / workshops / roundtable discussions
Cost is taken from Premier contract hours
LCA has (limited) Premier contract for LE workshops
Travel and Expenses requested from customers
CSS Security is uniquely positioned to utilize our talent and worldwide presence
Partnership with worldwide financial organizations
Create a more strategic relationship for information sharing and communication
Fits into our existing MSRA programs
Building strong alliances to protect the ecosystem
Microsoft standard NDA required
•Share vulnerability info
•Drill Planning – Ensure Readiness
•Escalated channel for support
•Monthly Newsletter and Conference Calls
•Speaker Series
•Training and Workshops ($)
•Samples of threats in their business: phishing, viruses, malware
•Share suspect new vulnerabilities
•Monthly report sent on key security incidents & threats
•Coverage on region and sector specific threats
Provide viable candidates from your region
Looking to pilot with 5-10 worldwide financial institutions May 1st
Any candidate that has had pain points around targeted attacks and security vulnerabilities is top priority
Focus on those in need of a stronger relationship with Microsoft
Today:
Scattered approach which randomizes and burns out various Microsoft staff trying to be heroes for a good cause
Most often not run as true projects with timelines, deliverables, and accepted risks
Often falls short of goal of identifying and eliminating or mitigating likely security scenarios
Tomorrow:
Seasoned, Microsoft team approach with TwC, MSRC, Services, Product Teams, CSS, Account Teams
Infrastructure Review with Risk and Vuln Assessments delivered in timely fashion
Emergency Response Plans as deliverable
Defense in Depth
Enterprise Security Management
History of Malware
Forefront Workshops (Product Intro)
Patch Management
Security Crisis Management
Security Health Check
APAC EMEA China Korea Americas
APAC EMEA China Japan