|Welcome to February’s Security Newsletter!|
The theme for our newsletter this month focuses in on the importance of data classification in helping to manage risk for sensitive data. With the proliferation of devices on the market today, many IT professionals I talk with struggle with how to manage sensitive data on end point devices. For some, data classification has already become a part of their culture and plays a role in managing their organization’s data. For others though, this is either a new concept or one that organizations struggle to implement.
Given the importance and relevance of this topic in today’s environment, we have published two papers that are recommended reading for any IT professional seeking to learn more about data classification and how it can help organizations better manage risk:
Data Classification for Cloud Readiness" outlines the risks and issues that can be mitigated to ensure a smoother transition to a cloud service. The paper also discusses technologies such as encryption, rights management, and data loss prevention solutions and how their implementation has evolved in the cloud era. The paper’s appendix then identifies some of today’s top data classification regulations and compliance requirements.|
CISO Perspectives on Data Classification" provides insight from the chief information security officers (CISOs) of three organizations about key data classification issues and challenges, and how they have implemented data classification.|
In addition to these materials, I would also suggest checking out the video from our Cloud Fundamentals Video Series titled "
All Data is not Created Equal." If your organization has implemented a data classification process and believe others could benefit from your experiences, we want to hear from you. Please connect with us either through
email or via Twitter
| ||Best regards,|
Tim Rains, Director
Microsoft Trustworthy Computing
Have feedback on how we can improve this newsletter? Email us at
firstname.lastname@example.org share your ideas.
Now Available: EMET 5.0 Technical Preview|
Microsoft has released a new version of its Enhanced Mitigation Experience Toolkit (EMET), the EMET 5.0 Technical Preview. The new version offers new protections for enterprises that build on the 12 security mitigations included in version 4.1, for example, a new Attack Surface Reduction security mitigation and further refinements to Export Address Table Access Filtering (EAF). Learn how you can use the EMET 5.0 Technical Preview today to protect your software applications and better test and deploy security updates for applications that you run in your environment.
The NIST Cybersecurity Framework: A Significant Milestone towards Critical Infrastructure Resiliency
Developed over the past year through collaboration between industry and government, the National Institute of Standards and Technology (NIST) Cybersecurity Framework consists of standards, guidelines, and practices to promote the protection of critical infrastructure. Explore Microsoft’s involvement in the development of the framework, and learn how Microsoft’s approach to managing cybersecurity risks is consistent with the Cybersecurity Framework’s security and privacy guidance.
Threats in the Cloud
Get guidance on how to manage the risks associated with two of the primary threats to cloud service providers and their customers:
attacks on the global Domain Name System (DNS) infrastructure and
Distributed Denial of Service (DDoS) attacks in the blog series from Microsoft Trustworthy Computing Director Tim Rains.
Dynamic Access Control with Windows Server 2012
Learn how you can apply data governance across your file servers to control who can access information and to audit who has accessed information with step-by-step guidance on how to plan for and deploy:
Microsoft Data Classification Toolkit
If your organization is running Windows Server 2012 or Windows Server 2008 R2 Service Pack 1, the Data Classification Toolkit can help you identify, classify, and protect the data on your file servers. The out-of-the-box classification and rule examples included in the toolkit can also help you build and deploy policies to protect critical information on the file servers in your environment.
Plan for Automatic File Classification
File Classification Infrastructure in Windows Server 2012 provides insight into your data by automating classification processes so that you can manage your data more effectively. Learn how to identify what information to classify in your environment, how to classify files, and how to export the configuration from a baseline computer to your file servers. Step-by-step
deployment guidance is also available.
BitLocker: Planning and Policies
BitLocker encrypts the hard drives on your computer to provide enhanced protection against data theft or exposure on computers and removable drives that are lost or stolen, and more secure data deletion when BitLocker-protected computers are decommissioned. Find out how to plan for a successful deployment of BitLocker by determining the appropriate policies and configuration requirements for your organization then learn how to
deploy BitLocker using the Microsoft Deployment Toolkit (MDT) and Windows PowerShell.
|This Month's Security Bulletins|
February 2014 Security Bulletins
February 2014 Security Bulletin Resources:
|Security Events and Training|
Microsoft Virtual Academy: Windows Server 2012 R2 Access and Information Protection|
In this course, you will learn how Windows Server 2012 R2 can help you provision, manage, and secure devices—and protect valuable data—while creating a seamless experience for the user. Looking for specific training on the Dynamic Access Control features in Windows Server 2012? Check out the
Windows Server 2012: Identity and Access course.
Microsoft Virtual Academy: Windows Azure Security Overview
Familiarize yourself with the security mechanisms included with Windows Azure at the physical, network, host, application, and data layers, including the privacy, policies, infrastructure, and security mechanisms designed to protect customer data.
Microsoft Webcast: Information about the March 2014 Security Bulletin Release
Wednesday, March 12, 2014 – 11:00AM Pacific Time
Join this webcast for a brief overview of the technical details of March’s Microsoft security bulletins. Ask questions and get answers from Microsoft security experts.
Overview of Office 365 for Government
Wednesday, March 19, 2014 – 11:00AM Pacific Time
Learn how Office 365 can help government employees collaborate and stay productive from anywhere with secure, cloud-based versions of familiar applications. Explore Office 365 and learn how Microsoft’s Government Community Cloud can help you increase productivity and reduce costs while keeping your data secure and compliant.
Microsoft Webcast: Information about the April 2014 Security Bulletin Release
Wednesday, April 9, 2014 – 11:00AM Pacific Time
Join this webcast for a brief overview of the technical details of April’s Microsoft security bulletins. Ask questions and get answers from Microsoft security experts.
TechEd North America 2014
May 12-15, 2014 – Houston, Texas
In 2014, Microsoft is bringing together the best of TechEd and the Microsoft Management Summit (MMS) to help skilled technology professionals increase their technical expertise, share best practices, and interaction with Microsoft and a variety of industry experts and their peers. Explore the security aspects of data platforms and business intelligence, datacenter and infrastructure management, people-centric IT, Windows (devices and Windows Phone), and much more.
| || |
| ||microsoft.com/about/twc||Trustworthy Computing|| |
| ||Microsoft respects your privacy. To learn more please read our online
Privacy Statement. |
If you would prefer not to receive the Microsoft Security Newsletter from Microsoft and its family of companies, please
click here. These settings will not affect any other newsletters you’ve requested or any mandatory service communications you’ve requested that are considered part of certain Microsoft services.
To set your contact preferences for other Microsoft communications,
| || |