Community and MVP Computer Security Articles
Get real-world insights, advice, and best practices—as well as step-by-step tutorials around key security technologies and processes—from active IT professionals in the security community including Microsoft Most Valued Professionals (MVPs).
- CISO Perspectives: Data Classification (no longer available)
A key challenge for organizations is implementing an effective data classification process. Data classification can help organizations apply the right level of control for maintaining the confidentiality and integrity of their data. It can deliver significant benefits including improved ways to manage the organization’s resources, compliance efficiencies and can facilitate migration to the cloud. This article will discuss some of the key challenges, success factors, and potential solutions regarding data classification.
Security Keeps the Money Flowing: A Framework for Data Loss Prevention
The importance of protecting sensitive or important data is paramount for any business. While security technology today is amazingly advanced, so is the motivation and sophistication of the threat landscape. Explore a framework that can help you better evaluate data loss prevention (DLP) technologies for your organization.
- CISO Perspectives: Today’s Risk (no longer available)
In today’s rapid-change information security and data protection environment, there is a need to move from a reactive threat-based security model to a more proactive and efficient risk-based model. Gain insight from chief information security officers (CISOs) on some of the key challenges, success factors, and potential solutions for today’s risk environment.
- CISO Perspectives: Compliance in the Cloud (no longer available)
The shift to cloud computing provides an organization with the ability to focus on its core value proposition and allows for far greater flexibility and capital cost reductions. This shift often changes the way that organizations operate, and presents unique challenges to information security professionals. from chief information security officers (CISOs) on some of the key challenges, success factors, and potential solutions for compliance in the cloud.
Threat Modeling Made Easy
Managing risk in the enterprise is of utmost importance. The good news is that threat modeling is easier than most people think and is an effective process for systematically identifying and mitigating risk. Get some quick tips to help you kick start your own threat modeling project the right way.
End User Education in the Real World
Learn some valuable tips to employ when educating your users about security and privacy, and find out how to create an effective security awareness program.
Implementing a Secure BYOD Environment
Is your organization considering a "bring your own device" (BYOD) policy that would allow users to connect to your corporate network from their personal devices? Get tips to help you ensure that corporate data remains secure in spite of the introduction of these unmanaged devices into the corporate network.
Microsoft DirectAccess = Automatic VPN!
Find out how to address common connectivity and security-related headaches with traditional VPNs using Microsoft DirectAccess.
Using System Center Endpoint Protection
Explore the benefits of deploying System Center Endpoint Protection for Windows 8 and Windows Server 2012 computers.
Server Hardening with Windows Server 2012
Learn how to enhance the security of your server infrastructure using the Security Configuration Wizard in Windows Server 2012.
Virus Infection Prevention Best Practices for Small and Midsize Organizations
A surprising number of IT system administrators consider the simple use of antivirus programs and firewalls enough to provide reliable protection from trojans, viruses, and worms. This article outlines a simple, but effective infection prevention strategy that can work for even the smallest organization.
Small Business Does Not Mean Small Security
Your business may be smaller in size, but that does not mean you need to protect it any less than a large enterprise. Even a small security breach or incident can have major impact on a small and medium business. Learn what you can do, as a small or medium business owner, to protect yourself when even the big enterprises are falling victim to security attacks.
Patch Management on Business-Critical Servers
Software system security has come to depend on customer information technology (IT) organizations closely monitoring patches for vulnerabilities, and on the ability of those organizations to test and deploy the patches before they can be exploited. Discover best practices that can help you better manage and deploy patches, avoid downtime, and extend operating time without reboots.
The Evolution of Elevation: Threat Modeling in a Microsoft World
The concept of threat modeling is not new--you can’t design a secure system until you understand the threats to it, and what weaknesses an adversary might exploit in the system. Check out one IT professional's take on threat modeling in a Microsoft world.
Designing a Cloud-Based Mobile Application for Compliance
For rapid development and deployment of a mobile application using federated authentication, the cloud is often the fastest and most cost-effective option available. Using real-world scenarios, this article analyzes how a solution can be deployed securely and successfully to the cloud while still complying with industry security standards and requirements.
Virtualization: Security Best Practices
Learn about best practices for virtualization strategies, and how to use virtualization to consolidate hardware and reduce equipment, energy, and management costs.
How to Improve Network Security with Microsoft Solutions
Learn how to safeguard your network data and systems, and how to reduce security risks in your environment with Microsoft Solutions.
Why Do Security Research?
Get insight into one chief technology officer's evolving motivations for conducting security research and learn why security research is important for the health of your IT organization—and the computing industry as a whole.
Locking Down the Desktop: Client to Cloud
The integrity of cloud services requires that both users' computers and the servers hosting the users' data are healthy and secure. Get insights to help you ensure the appropriate level of protection in computers that attach to cloud services.
Why Now is the Time to Review Corporate Email Security
Explore considerations that can help you keep corporate email effective and help maintain safe email habits for your employees and your customers or partners.
Simple Firewall Best Practices for Small and Midsize Businesses
Learn what to keep in mind when planning for, and suggested best practices for effectively maintaining, firewalls.
Why You Should Consider Using IPsec Now
Learn why you may want to consider using Internet Protocol security (IPsec) for more than just virtual private network (VPN) connections.
How to Improve Security on the Edge with Windows Web Server 2008 and Internet Information Services
Explore how Windows Web Server 2008 and Internet Information Services (IIS) 7.0 deliver a platform for developing and hosting websites, services and more that enables IT professionals to—with some minor configurations—help minimize the risks of maintaining a Web server directly on the Internet.
The Napkin Sketch: An Overview of Secure Anywhere Access with Remote Desktop Services (RDS)
Explore the evolution of Terminal Services, now called Remote Desktop Services, and learn how to use this framework to help provide secure anywhere access to applications, remote desktops, and virtual desktop environments.
Database Security Best Practices for the Vigilant Database Administrator and Developer
Find out which key considerations you should keep in mind when planning to, optimizing the way you, store, purchase, and acquire data that are critical to your organization.
Securing the Cloud
Explore key security considerations for moving to the cloud and see why the core security requirements for your IT infrastructure will likely be the same.
Windows Server 2008 R2 Remote Access Options
Learn about the various remote access solutions available in Windows Server 2008 R2, including traditional PPTP or L2TP/IPsec VPN, SSL-encrypted HTTP VPN with SSTP, IPsec tunnel mode, and DirectAccess.
Best-Practice Recommendations for Using BitLocker
Get best practices on how to use BitLocker to protect and encrypt customer and company data, manage settings with Group Policy, and report on compliance with industry regulations.
IT Security Requirements for the New Decade
As technology innovations accelerate in the coming decade, find some best practices that may help take your IT security strategy to the next level.
Privacy Considerations for C Language Applications
Walk through some of the core aspects of privacy you should consider when developing applications, services, and Web sites using C development languages.
Microsoft Security Newsletter
Sign up for a free monthly roundup of security news, bulletins, and guidance for IT pros and developers.