Trust, Security, and ResiliencyEmpowering the Information Society

Angela McKaySenior Security Strategist LeadGlobal Security Strategy and Diplomacy Trustworthy Computing

Understanding the Cyber Threat

ChallengesMany malicious actors Many motives

Similar techniques Shared integrated domain

Consequences hard to predict

Worst case scenarios alarming

Attribution

Cyber Threat Categories & Solutions

Cybercrime

Cyber Warfare

Military Espionage

Economic Espionage

www.microsoft.com/download Rethinking the Cyber Threat by Scott Charney

Enabling InteroperabilityMicrosoft has released portions of the U-Prove

technology to the open source community, customers, developers and the industry, in order to gather feedback. The following are available now:

Two specifications published under the Microsoft Open Specification Promise, making the technology and guidance available to a broad audience of commercial and open source developers

Open source software developer kits in C# and Java software developer kits available under the Berkley Software Distribution license

A Community Technology Preview of U-Prove, providing integration with Active Directory Federation Services 2.0, Windows Identity Foundation and Windows CardSpace v2

Trust

7

Decreasing Attacker ROISecurity

www.microsoft.com/security/sdl

The Microsoft Security Development Lifecycle - Simplified

GovernmentMedia Private

Sector& NGO’s

EmergencyResponders

Partnering for ResilienceResiliency

Microsoft Programs

Training - Security Cooperation Program (SCP)

Rapid Response Communications – SCPCert

Policy Guidance – Critical Infrastructure Partner Program

Defensive Security Information – Defensive Information Sharing Program (DISP)

Resiliency

www.microsoft.com/industry/publicsector/government/programs/default.mspx

Trust, security, and resiliency are challenges that must continually be addressed to move forward in the information society.The public and private sector should collaborate to:

• Build better mechanisms for making informed trust decisions and improving identity

• Increase the costs for cyber attackers

• Build more collaborative security relationships to mitigate risk

Calls To Action

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after

the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.