CSS Security


DESCRIPTION

CSS Security. Progress, Innovation and Services. 2007 Bulletin Volume to CSS Dropped. Why less? Quality of security update and TESTING Quality of security bulletin. 52% Decline. Region View. Security Vulnerability Tracker. Successful Events with CSS Sec.

Page 1: CSS Security
Page 2: CSS Security

Why less?

Quality of security update and TESTING

Quality of security bulletin

52% Decline

Page 3: CSS Security

CASES    US          EMEA        Japan       Korea       APAC        Gr China    Total Cases
Total    13183       7825        3319        61          566         511         25469
% cases  51.8%       30.7%       13.0%       0.2%        2.2%        2.0%

LABOR    US          EMEA        Japan       Korea       APAC        Gr China    Total Hrs
Hours    13118       4280        3532        85          625         371         22010
% labor  59.6%       19.4%       16.0%       0.4%        2.8%        1.7%

COST     US          EMEA        Japan       Korea       APAC        Gr China    Total $$
USD      $1,723,667  $621,432    $425,919    $11,059     $81,757     $18,012     $2,881,846
% cost   59.8%       21.6%       14.8%       0.4%        2.8%        0.6%

Page 4: CSS Security
Page 5: CSS Security

Europol Cybercrime event (Dublin, Jan 14-17)

NPA Cybercrime Workshop (Tokyo, Dec 6-7)

CNCert Government Workshop, Shanghai Oct 23-25

Page 6: CSS Security

Introduction of Chinese Language Vulnerability Reporting Channel

Vulnerability Reporting from China Security Experts

CSSSEC China Incident Response Team

Qualified vulnerability reporting to MSRC

A local reporting channel for efficient communication

A filter to improve vulnerability reporting quality

A local communication channel to build relationships with China security experts

Page 7: CSS Security

Centralized Call Center

Monthly Security Bulletins

Security/Patch Analyst

GCR SGC Portal

Security Specialists

Program Manager

Work Scope:

•Monthly security bulletins readiness

•Security helpdesk: question on security patches installation and testing. Average less than 15 mins per customer call.

SGC Operation Team

Owned by Security Core Team

Work Scope:

•SGC internal portal development and maintenance

•Monthly security patch installation management

•Monthly business review

•EPG customers management and internal/external communication

APGC CSS Security Team

APGC CS Team

•Leverage Siebel data and establish customer profile;

•Monthly call out customer to confirm patch installation;

•Collect customer feedback on SGC;

Page 8: CSS Security
Page 9: CSS Security

Providing security and training offerings for Premier customers worldwide

27 current official offerings

Law Enforcement focused offerings available

Expanding coverage as resources allow

Not all training available in all regions

Available in a variety of formats: Training / workshops / roundtable discussions

Cost is taken from Premier contract hours

LCA has (limited) Premier contract for LE workshops

Travel and Expenses requested from customers

CSS Security is uniquely positioned to utilize our talent and worldwide presence

Page 10: CSS Security

Partnership with worldwide financial organizations

Create a more strategic relationship for information sharing and communication

Fits into our existing MSRA programs

Building strong alliances to protect the ecosystem

Microsoft standard NDA required

Page 11: CSS Security

•Share vulnerability info

•Drill Planning – Ensure Readiness

•Escalated channel for support

•Monthly Newsletter and Conference Calls

•Speaker Series

•Training and Workshops ($)

Page 12: CSS Security

•Samples of threats in their business: phishing, viruses, malware

•Share suspect new vulnerabilities

•Monthly report sent on key security incidents & threats

•Coverage on region and sector specific threats

Page 13: CSS Security

Provide viable candidates from your region

Looking to pilot with 5-10 worldwide financial institutions May 1st

Candidates that have had pain points around targeted attacks and security vulnerabilities are top priority

Focus on those in need of a stronger relationship with Microsoft

Page 14: CSS Security

Today:

Scattered approach which randomizes and burns out various Microsoft staff trying to be heroes for a good cause

Most often not run as true projects with timelines, deliverables, and accepted risks

Often falls short of goal of identifying and eliminating or mitigating likely security scenarios

Page 15: CSS Security

Tomorrow:

Seasoned, Microsoft team approach with TwC, MSRC, Services, Product Teams, CSS, Account Teams

Infrastructure Review with Risk and Vuln Assessments delivered in timely fashion

Emergency Response Plans as deliverable

Page 16: CSS Security
Page 17: CSS Security
Page 18: CSS Security

Defense in Depth

Enterprise Security Management

History of Malware

Forefront Workshops (Product Intro)

Patch Management

Security Crisis Management

Security Health Check

APAC EMEA China Korea Americas

APAC EMEA China Japan