Entries for Jossie Tirado

Dogfooding: Deployment & Product Influence [Dogfooding: Deployment & Product Influence]

Jossie Tirado — Tue, 03 Nov 2009 18:33:00 GMT

Steven Michalove, from Microsoft Information Security, concludes the dogfooding series where a product is tested on the enterprise, formally known as First & Best Program. For more information on the other phases of dogfooding a product in IT see Evaluating Risk and Security Related Features.

Steven describes how his team evaluates how to the deployment of a new technology will look like on the enterprise. Not only that but his team has the ability to influence a product by looking at what risk might look like in the future so those are considered on the development of the technology.

Read more on blog article Dogfooding: Product Influence or follow the ACE blog.

in reply to Dogfooding: Deployment & Product Influence

Dogfooding Security-Related Features [Dogfooding Security-Related Features]

Jossie Tirado — Tue, 27 Oct 2009 05:13:00 GMT

Yale Li and Price Oden, from Microsoft Information Security, explain the second phase of dogfooding a product on the enterprise, formally known as First & Best Program. This second step consists of doing a security assessment on specific features in the product. For the first phase go here.

With this assessment the organization may decide what are the strategies around those features, or opportunities. It is a very detailed step on the dogfooding process, where they go all the way back to design and functional specification documents. They describe how this worked for BitLocker To Go^TM.

Read more on blog article Dogfooding: Phase 2 or follow the ACE blog.

in reply to Dogfooding Security-Related Features

Dogfooding: Evaluating Risk [Dogfooding: Evaluating Risk]

Jossie Tirado — Wed, 21 Oct 2009 01:06:00 GMT

Don Nguyen and Mike Lange, from Microsoft Information Security, explain the first phase of dogfooding a product on the enterprise, formally known as First &Best Program. This first step consists of a risk assessment or design review on the product.

This phase is important as it allows them to look at the current policies as they are related to the technology already in place. Is it time to update the policies? Adjust the new technology? They describe how this worked for SQL 2008.

Read more on blog article Dogfooding: Phase 1 or follow the ACE blog.

in reply to Dogfooding: Evaluating Risk

Microsoft Information Security & Dogfooding [Microsoft Information Security & Dogfooding]

Jossie Tirado — Mon, 12 Oct 2009 07:14:00 GMT

Mark Smith, from Microsoft Information Security, provides a glimpse at how Microsoft “dogfoods” its products. When launching a new product naturally there’s a concern about how a product will perform. Ever wonder about the process?

This is part of a series of videos around Information Security and Dogfooding. We will discuss some success stories and some of the processes involved in running products on the enterprise before they are ready for release.

To learn more at the Information Security blog.

in reply to Microsoft Information Security & Dogfooding

How Microsoft Uses Risk Tracker to Reduce Risk [How Microsoft Uses Risk Tracker to Reduce Risk]

Jossie Tirado — Wed, 30 Sep 2009 12:59:00 GMT

Sarah Pickard from Microsoft Information Security gives a hands-on demonstration on how the business uses the Risk Tracker application. Built using CISF (Connected Information Security Framework) this application captures and tracks high level security risks to effectively reduce risk at Microsoft.

She explains how this application helps an organization to manage, track, report, associate, as well as assign risk to an entity.

To learn more about this application and stay up to date on the latest news, read the following blogs from Information Security and previous posts from the Security Tools Team blog.

To see an overview of what the Risk Tracker application is watch the video: Risk Tracker: Reducing Risks at Microsoft.

Risk Tracker sample application download

in reply to How Microsoft Uses Risk Tracker to Reduce Risk

Risk Tracker: Reducing Risks at Microsoft [Risk Tracker: Reducing Risks at Microsoft]

Jossie Tirado — Wed, 16 Sep 2009 16:47:00 GMT

Sarah Pickard and Mark Curphey from Microsoft Information Security talk about the release of the Risk Tracker application. Built using CISF (Connected Information Security Framework) this application captures and tracks high level security risks to effectively reduce risk at Microsoft.

They explain how the business uses this application and how it will help organizations manage, track, report, associate, as well as assign risk to an entity.

To learn more about this framework and stay up to date on the latest news, read the following blogs from Information Security and previous posts from the Security Tools Team blog.

Risk Tracker sample application download

in reply to Risk Tracker: Reducing Risks at Microsoft

CISF: Build Custom Security Solutions [CISF: Build Custom Security Solutions]

Jossie Tirado — Wed, 16 Sep 2009 16:46:00 GMT

Mark Curphey and Marius Grigoriu, from Microsoft Information Security, talk about the release of the first version of Connected Information Security Framework (CISF). A software development framework comprising of API’s and reusable components that is designed to create bespoke or custom information security and risk management solutions like Risk Tracker.

Microsoft’s IT Information Security Tools Team designs and develops CISF to “engineer the security delta” meaning as a way to rapidly meet business requirements and create functionality that doesn’t exist or is not yet available in their product range.

They explain benefits found on this framework including:

Building information security applications cheaper, faster, and better
Migrate applications efficiently and effectively to their products when they become available

To learn more about this framework and stay up to date on the latest news, read the following blogs from Information Security and previous posts from the Security Tools Team blog.

CISF CTP download

in reply to CISF: Build Custom Security Solutions

ACE from the Field: Laura A. Robinson on the Realities of Security [ACE from the Field: Laura A. Robinson on the Realities of Security ]

Jossie Tirado — Tue, 01 Sep 2009 16:54:00 GMT

We’ve invited Talhah Mir, from Microsoft Information Security, to interview folks from the ACE Team that currently work on the field for a weekly video series.

Laura has worked with and for enterprise customers in financial services, bio-pharma, energy and other industries, focusing on security since the mid-nineties. Over the last fifteen years, she has been passionate about understanding both the functional and security needs of businesses and developing a workable balance between the two. Listen to her thoughts around cloud computing and its future in the enterprise.

See more stories on www.msinfosec.com

in reply to ACE from the Field: Laura A. Robinson on the Realities of Security

ACE From the Field: Adam Arndt [ACE From the Field: Adam Arndt]

Jossie Tirado — Tue, 18 Aug 2009 16:38:00 GMT

We’ve invited Talhah Mir, from Microsoft Information Security, to interview folks from the ACE Team that currently work on the field for a weekly video series.

Adam, who is based out of Dublin, Ireland was visiting the homebase in Redmond. We discuss his thoughts on encryption technology, customer experiences as well as his thoughts on some of the most common pitfalls in security… and we do this while he can see the taxi outside the window waiting to take him to the airport.

See more stories on www.msinfosec.com.

in reply to ACE From the Field: Adam Arndt

ACE From the Field: Roger Grimes & Securing the Internet [ACE From the Field: Roger Grimes & Securing the Internet]

Jossie Tirado — Thu, 30 Jul 2009 01:17:00 GMT

We’ve invited Talhah Mir, from Microsoft Information Security, to interview folks from the ACE Team that currently work on the field for a weekly video series.

Roger visited us from Virginia Beach, VA. In this interview, Roger discusses his lifelong passion for making the internet more secure. Starting his security career by disassembling viruses for John MacAfee, after two decades of security experience Roger has co-authored 8 different books on computer security, over 200 magazine articles and writes on the security column for InfoWorld. Roger discusses his viewpoints on how security has evolved and where we stand today. He shares his thoughts on how the internet can be fixed, and how most of the hacks can actually be avoided by the user.

See more stories on www.msinfosec.com.

in reply to ACE From the Field: Roger Grimes & Securing the Internet

ACE From the Field: Carric 'DEFCON Goon' Dooley [ACE From the Field: Carric 'DEFCON Goon' Dooley]

Jossie Tirado — Thu, 23 Jul 2009 20:24:00 GMT

We’ve invited Talhah Mir, from Microsoft Information Security, to interview folks from the ACE Team that currently work on the field for a weekly video series.

Carric visited us recently in Redmond from his hometown of London, UK. In this interview, Carric brings his broad experience in the security field (including his work at Foundstone) to discuss thoughts on penetration testing, completeness of security assessments, regulatory compliance as well as the current landscape of security with ubiquity of data and other items including Microsoft’s progress in security. Come learn about the “hot sexy ju ju” and why always following it may not be a sound security strategy. We’ll be sure to discuss his experience as a member of the physical security team at DEFCON next time around.

See more stories on www.msinfosec.com

in reply to ACE From the Field: Carric 'DEFCON Goon' Dooley

SDL-LOB Phase 1: Risk Assessment [SDL-LOB Phase 1: Risk Assessment]

Jossie Tirado — Wed, 24 Jun 2009 00:57:00 GMT

Before the design of an application, the first phase of the SDL-LOB (Security Development Lifecycle for Line-of-Business applications) includes Risk Assessment.

Eva Chow, from Information Security, interviews Sam Chughtai, Risk Assessment team, where they discuss how Microsoft has an inventory of all the internal applications, triggering an initial questionnaire that is able to recommend the assessments the application needs to undergo.

To learn more about SDL-LOB and Microsoft Information Security, go here.

in reply to SDL-LOB Phase 1: Risk Assessment

Infrastructure Security on Mergers & Acquisitions [Infrastructure Security on Mergers & Acquisitions]

Jossie Tirado — Tue, 19 May 2009 16:32:00 GMT

The Assessment, Consulting & Engineering (ACE) Infrastructure Security team, part of Microsoft Information Security, is dedicated to secure the platforms on which applications reside.

Kristina Neyens explains how the security reviews happen when engaged during an acquisition project and how ACE provides security guidance through the integration or migration of a company as well a she explains some of the value added to that business and Microsoft overall.

If you want to learn more about ACE Infrastructure security, you can read more on their blog.

in reply to Infrastructure Security on Mergers & Acquisitions

Infrastructure Security Engineering [Infrastructure Security Engineering]

Jossie Tirado — Mon, 04 May 2009 21:52:00 GMT

How do you balance security? Does security belong on the application or on the infrastructure side? Rob Cooper describes how this is no easy task.

The Assessment, Consulting & Engineering (ACE) Infrastructure Security team, part of Microsoft Information Security, is dedicated to secure the platforms on which applications reside.

If you want to learn more about ACE Infrastructure security, you can read more on their blog.

in reply to Infrastructure Security Engineering

Infrastructure Security Assessments [Infrastructure Security Assessments]

Jossie Tirado — Mon, 27 Apr 2009 08:37:00 GMT

The Assessment, Consulting & Engineering (ACE) Infrastructure Security team, part of Microsoft Information Security, is dedicated to secure the platforms on which applications reside.

What's considered a risk? Gerard Morisseau, describes how their risk model works and how they identify security maturity levels in different environments inside and outside of Microsoft.

If you want to learn more about ACE Infrastructure security, you can read more on their blog.

in reply to Infrastructure Security Assessments

About Infrastructure Security [About Infrastructure Security]

Jossie Tirado — Mon, 20 Apr 2009 16:03:00 GMT

The Assessment, Consulting & Engineering (ACE) Infrastructure Security team, part of Microsoft Information Security, is dedicated to secure the platforms on which applications reside.

Brad Gobble, manager of this team, describes how this team works inside and outside of Microsoft in this short conversation. He answers some of the questions regarding when a security review at this level is needed and how it works.

If you want to learn more about ACE Infrastructure security, you can read more on their blog.

in reply to About Infrastructure Security