蓝灰稳重风格PPT模板

MicrosoftSecurityStrategyStevenAdlerProductManagerMicrosoftEMEA新浪微博营销案例分享SessionAgendaFocusonCustomerChallengesMicrosoftSecurityStrategySecureWindowsInitiativeStrategicTechnologyProtectionProgramTrustworthyComputingBuildingthesecureplatform.NETFrameworkWindows.NETSummaryQuestions新浪微博营销案例分享Technology,Process,PeopleWhatarethechallenges?ProductslacksecurityfeaturesProductshavebugsInsufficienttechnicalstandardsDifficulttostayup-to-dateDesignforsecurityRoles&responsibilitiesVigilanceBusinesscontinuityplansStayup-to-datewithsecuritydevelopmentProblemrecognitionSkillsshortageHumanerrorPeople新浪微博营销案例分享新浪微博营销案例分享TrustworthyComputingStrategicTechnologyProtectionProgramSecureWindowsInitiativeMicrosoftSecurityStrategySecureWindowsInitiative“EngineeringForSecurity”Goal:EliminateEverySecurityVulnerabilityBeforeTheProductShipsPeopleProcessTechnology新浪微博营销案例分享IndustryYardstick05101520253035MandrakeSoftLinuxMandrake7.2RedHatLinux7.0MandrakeSoftLinuxMandrake7.1DebianLinux2.2SunSolaris8.0SunSolaris7.0MicrosoftWindows2000MandrakeSoftLinuxMandrake7.0SCOOpenServer5.0.6RedHatLinux6.2i386Source:SecurityFocus(i.e.RPCsecuritystress)新浪微博营销案例分享SecureWindowsInitiativeExternalSecurityReviewFIPS140-1evaluationofCryptographicServiceProvider(CSP)–CompletedGovernmentvalidationofbasecryptoalgorithmsinWindowsCommonCriteriaevaluation–InPreparationEvaluationofWindowssourcecodeagainstInternationalsecuritycriteriaforevaluatingThirdpartyexpertreviewofkeycomponentsSourcecodelicensedtoover80universities,labs,andgovernmentagencies新浪微博营销案例分享Goal:HelpcustomerssecuretheirWindowsSystemsPeopleProcessTechnologyStrategicTechnologyProtectionProgramStrategicTechnologyProtectionProgram-CustomersNeedOurHelpIdidn’tknowwhichpatchesIneededIdidn’tknowwheretofindtheupdatesIdidn’tknowwhichmachinestoupdateWeupdatedourproductionservers,buttherogueserversgotinfectedMorethan50%ofthecustomersaffectedbyCodeRedwerenotpatchedintimeforNimda新浪微博营销案例分享STPP:“GetSecure”Coming-EnterpriseSecurityToolsMicrosoftBaselineSecurityAnalyzerSMSsecuritypatchrollouttoolWindowsUpdateAuto-updateclientNow-MicrosoftSecurityToolkitServerorientedsecurityresources.Newserversecuritytoolsandupdates,WindowsUpdatebootstrapclientforWindows2000Now-SecurityAssessmentProgramOfferingAvailableimmediatelythroughMCS/PSSNow-FreeVirusSupportHotlineContactyourlocalPSSofficeGetSecureMicrosoftSecurityToolkitGetsWindowsNTand2000systemstosecurebaseline,evendisconnectednetAutomatesserverupdatesOne-buttonwizardandSMSScriptsUpdatesandPatchesIncludesallServicePacksandcriticalOSandIISpatchesthrough10/15HFNetchk:patchlevelverifierIISLockdown&URLScan新浪微博营销案例分享STPP:“StaySecure”Ongoing-EnhancedProductSecurityProvidegreatersecurityenhancementsinthereleasesofallnewproducts,includingtheWindows.NETServerfamilySpring2002-FederatedCorporateWindowsUpdateProgramAllowsenterprisetohostandselectWindowsUpdatecontentSpring2002-Windows2000ServicePack(SP3)ProvideabilitytoinstallSP3+securityrollupwithasinglerebootJan.2002-Windows2000SecurityRollupPatchesBundleallsecurityfixesinsinglepatchesReducesrebootsandadministratorburdenCorporateUpdateServerSolutionAutomaticUpdate(AU)clientAutomaticallydownloadandinstallcriticalupdatesSecuritypatches,highimpactbugfixesandnewdriverswhennodriverisinstalledforadeviceChecksWindowsUpdateserviceorCorporateUpdateserveronceadayNew!InstallatscheduletimeafterautomaticdownloadsAdministratorcontrolofconfigurationviaregistry-basedpolicySupportforWindows.NETServer,WindowsXPandWindows2000UpdateserverCorporatehostedWUservertosupportdownloadandinstallofcriticalupdatesthroughAUclientServersynchronizeswiththepublicWindowsUpdateserviceSimpleadministrativemodelviaIEUpdatesarenotmadeavailabletoclientsuntiltheadministratorapprovesthemRunsonWindows.NETServerandWindows2000Server新浪微博营销案例分享TrustworthyComputingGoal:Makedevicespoweredbycomputersandsoftwareastrustworthyasdevicespoweredbyelectricity.ATrustTaxonomyAvailabilityAtadvertisedlevelsSuitabilityFeaturesfitfunctionIntegrityAgainstdatalossoralterationPrivacyAccessauthorizedbyend-userReputationSystemandproviderbrandSecurityResistsunauthorizedaccessQualityPerformancecriteriaDevPracticesMethods,philosophyOperationsGuidelinesandbenchmarksBusinessPracticesBusinessmodelPoliciesLaws,regulations,standards,normsIntentManagementassertionsRisksWhatunderminesintent,causesliabilityImplementationS