Our EMEA Security Program Manager, Henk van Roest, started this series internally and with his consent I am publishing it here in my blog as I think it contains a lot of great information for you to use.
So far, in the first 4 chapters, we have addressed the usual excuses for not Managing Your IT Environment and Security Updates:
- Security is not worth it, nothing ever happens and if it does it will be “no big deal”
- I installed the Microsoft updates, but my network was still compromised
- OK now I understand why Security is important but no idea how I start
- I now know what I want to do, I just don’t know how, I need training
Here we address the need for automation, cost reduction and standardization, Microsoft has literally hundreds of tools to help management assess risk and administrators implement security updates and policies.
Security Update Management Tools: http://technet.microsoft.com/en-gb/security/cc297183.aspx#EPC
Security Update Detection Tools: http://technet.microsoft.com/en-gb/security/cc297183.aspx#EID
Security Risk Assessment Tool: http://technet.microsoft.com/en-gb/security/cc297183.aspx#EUD
Lockdown, Auditing, Intrusion Detection, Remediation Tools: http://technet.microsoft.com/en-gb/security/cc297183.aspx#E2D
Virus and Malware Protection and Removal Tools & Apps: http://technet.microsoft.com/en-gb/security/cc297183.aspx#E1E
Reduce Your Risk: 10 Security Rules To Live By
This is from 2006 but it demonstrates on a conceptual level how the technology can change but the rules remain the same. Yet again we learn that Security is a Process, not a Product!
http://technet.microsoft.com/en-us/magazine/2006.05.reducerisk.aspx
Henk and Roger