Security and Microsoft
Carolyn Burke, MA, CISSP
Acting Senior Security Product Manager, Microsoft Canada
CEO, Integrity Incorporated

Transcript of the 49-slide deck "Security and Microsoft".

Page 1:

Security and Microsoft

Carolyn Burke, MA, CISSP
Acting Senior Security Product Manager, Microsoft Canada

CEO, Integrity Incorporated

Page 2:

Welcome!!

Page 3:

Microsoft Trustworthy Computing Framework

Page 4:

Microsoft Trustworthy Computing Framework

GOALS

Security: The customer can expect that systems are resilient to attack, and that the confidentiality, integrity, and availability of the system and its data are protected.

Privacy: The customer is able to control their information and feel confident it is not only safe and used appropriately, but in a way that provides value to them.

Reliability: The customer can depend on the product to fulfill its functions.

Business Integrity: The vendor of a product behaves in a responsive and responsible manner.

Page 5:

Microsoft Trustworthy Computing Framework

Security: The customer can expect that systems are resilient to attack, and that the confidentiality, integrity, and availability (C, I, A) of the system and its data are protected.

Page 6:

Microsoft Trustworthy Computing Framework

Committed to improving our products and services

Security is the utmost priority

Effecting change in developing, releasing, and supporting our products

Page 7:

Microsoft Trustworthy Computing Framework

Four security components: 3D + C

• Secure By Design
• Secure By Default
• Secure In Deployment
• Communications

Page 8:

Microsoft Trustworthy Computing Framework

Means

Secure by Design, Secure by Default, Secure in Deployment

Steps have been taken to protect the confidentiality, integrity, and availability of data and systems at every phase of the software development process—from design, to delivery, to maintenance.

Page 9:

Microsoft Trustworthy Computing Framework

Means

• Secure by Design, Secure by Default, Secure in Deployment
• Fair Information Principles
• Availability
• Manageability
• Accuracy
• Usability
• Responsiveness
• Transparency

Page 10:

Microsoft Trustworthy Computing Framework

Execution

• Company policies, directives, benchmarks, and guidelines
• Contracts and undertakings with customers, including SLAs
• Corporate, industry and regulatory standards
• Government legislation, policies, and regulations
• Risk analysis
• Development practices, including architecture, coding, documentation, and testing
• Training and education
• Terms of business
• Marketing and sales practices
• Operations practices, including deployment, maintenance, sales & support, and risk management
• Enforcement of intents and dispute resolution
• Self-assessment
• Accreditation by third parties
• External audit

Execution categories: Intents; Implementation; Evidence

Page 11:

Microsoft Trustworthy Computing Framework

Fundamental problems to address

Policy; Processing Complexity; Hardware; Redundancy; Machine-to-Machine; Processes; Identity; People; Programming Tools; Interoperability; Conceptual models

Page 12:

Microsoft Trustworthy Computing Framework

Essential also to our economy and society at large

Multi-dimensional set of issues

Hard problems that require fundamental research and advances in engineering will remain.

Step up to the challenge of tackling these problems

Page 13:

Microsoft Trustworthy Computing Framework

Year in review: 2003

Windows Server 2003 development team actually halted production to do a complete security review of the product before shipping

Exchange Server 2003, Office System 2003, Rights Management Services, Systems Management Server 2003

More than 11,000 engineers in the company have received and continue to receive specialized training in writing secure code.

Page 14:

Microsoft Trustworthy Computing Framework

Year in review: 2003 Highlights

May: Virus Information Alliance

August: Protect Your PC campaign

October: Partnered with the U.S. Secret Service, FBI and Interpol to launch a $5 million reward

October: Launch: Security Mobilization

December
• patch management processes, policies and technologies
• global security guidance education programs
• develop new safety technologies in Windows XP, Windows Server 2003

Page 15:

Microsoft Trustworthy Computing Framework

2004

Microsoft is fully committed to the long-term success of the Trustworthy Computing initiative:

• collaborate worldwide to address critical technology trust issues
• work to increase standardization of internal development and quality assurance processes companywide
• share practices and productize internal development tools

We will work to make our products more resilient, and to develop privacy-enabling technologies. And we will work to make the customer feedback loop even stronger.

Page 16:

Security Mobilization

What it is and Isn’t

Worldwide Response Initiative

Technical Response

User Response

Page 17:

Developments since Oct 9

Security Positioning

Worldwide Response

National Subsidiary Communication

Licensee Communication

Partner and Customer Implications

Page 18:

Microsoft Security Solutions and Resources

Page 19:

Improving Security: Responding to the Crisis

• Patches proliferating
• Time to exploit decreasing
• Exploits are more sophisticated
• Current approach is not sufficient

Security is our #1 Priority
There is no silver bullet
Change requires innovation

Chart: Days between patch and exploit
Nimda: 331
SQL Slammer: 180
Welchia/Nachi: 151
Blaster: 25

Page 20:

The Exploit Process

Security Researchers: Discover vulnerabilities
  What Microsoft is doing: Collaborating to fix vulnerabilities; Disclosing responsibly
  Results: Fewer researchers disclosing irresponsibly; continuing to improve

Exploit Coders: Reverse-engineer patches & post exploit code to the Web
  What Microsoft is doing: Building community consensus that disclosure is not good; Reaching out
  Results: More industry experts are speaking out against exploit code

Worm Builders: Hack together worms with posted exploit code & worm toolkits
  What Microsoft is doing: Anti-Virus Reward Program; Assisting with technical forensics work
  Results: Two arrests around the Blaster worm

Page 21:

You’ve Told Us / Our Action Items

You’ve Told Us:
• “I can’t keep up…new patches are released every week”
• “The quality of the patching process is low and inconsistent”
• “I need to know the right way to run a Microsoft enterprise”
• “There are still too many vulnerabilities in your products”

Our Action Items:
• Provide Guidance and Training
• Mitigate Vulnerabilities Without Patches
• Continue Improving Quality
• Improve the Patching Experience

Page 22:

Improve the Patching Experience - New Patch Policies

Extending security support to June 2004: Windows 2000 SP2, Windows NT4 Workstation SP6a

Security patches on a monthly predictable release cycle
• Allows for planning a predictable monthly test and deployment cycle
• Packaged as individual patches that can be deployed together

NOTE: Exceptions will be made if customers are at immediate risk from viruses, worms, attacks or other malicious activities

Page 23:

Improve the Patching Experience - Patch Enhancements

Your Need / Our Response

Reduce patch complexity: By late 2004: Consolidation to 2 patch installers for W2k and later, SQL 2000, Office & Exchange 2003; all patches will behave the same way (update.exe, MSI 3.0)

Improved tools consistency: By mid-2004: Consistent results from MBSA, SUS, SMS, Windows Update (will all use SUS 2.0 engine for detection)

Reduce risk of patch deployment: Now: Increased internal testing; customer testing of patches before release. By mid-2004: Rollback capability for W2k generation products and later (MSI 3.0 patches)

Reduce downtime: Now: Continued focus on reducing reboots. By late 2004: 30% of critical updates on Windows Server 2003 SP1 installed w/o rebooting (“hot patching”)

Reduce patch size: By late 2004: Substantially smaller patches for W2k generation and later OS & applications (Delta patching technology, next generation patching installers)

Improved tools capabilities: May 2004: Microsoft Update (MU) hosts patches for W2k server, and over time SQL 2000, Office & Exchange 2003. By mid-2004: SUS 2.0 receives content from MU & adds capabilities for targeting, basic reporting and rollback

Page 24:

Providing Guidance and Training - IT Professionals

Global Education Program: TechNet Security Seminars; Monthly Security Webcasts; Monthly Security Newsletter; www.microsoft.com/events

New Prescriptive Guidance: Patterns and practices; How-to configure for security; How Microsoft Secures Microsoft

Online Community: Security Zone for IT Professionals; Authoritative Enterprise Security Guidance: http://www.microsoft.com/technet/security/bestprac.asp

Page 25:

Beyond Patching

Make customer more resilient to attack, even when patches are not installed

Help stop known & unknown vulnerabilities

Goal: Make 7 out of every 10 patches installable on your schedule

Page 26:

Delivering Security Technologies

Windows XP SP2: SECURING CLIENTS
• Improved network protection
• Safer email and Web browsing
• Enhanced memory protection
• Beta available, RTM based on customer feedback

Windows Server 2003 SP1: SECURING ENTERPRISE
• Role-based security configuration
• Inspected remote computers
• Inspected internal environment
• RTM H2 CY04 – NOW!

Page 27:

Security technologies for clients

What it is: Security enhancements that protect computers, even without patches…included in Windows XP SP2; more to follow

What it does: Helps stop network-based attacks, malicious attachments and Web content, and buffer overruns

Key Features:
• Network protection: Improved ICF, DCOM, RPC protection turned on by default
• Safer browsing: Pop-up blocking, protection from accidental installation of potentially malicious Web content
• Memory protection: Improved compiler checks to reduce stack overruns, hardware NX support
• Safer email: Improved attachment blocking for Outlook Express and IM

Page 28:

Security technologies for Enterprises

What it is: Only clients that meet corporate security standards can connect…included in Windows Server 2003 SP1; more to follow

What it does: Protects enterprise assets from infected computers

Key Features:
• Role-based security configuration: Locks down servers for their specific task
• Inspected remote computers and internal environment: Enforce specific corporate security requirements such as patch level, AV signature level & firewall state
• Ensure these standards are met when VPN and local wired or wireless connections are made
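The admission check this slide describes, as an added illustration that is not Microsoft's code and not the Windows Server 2003 SP1 implementation: a policy states which patches must be installed, how old the anti-virus signatures may be, and whether the host firewall must be on; every connecting client's self-report is checked the same way whether it arrives over VPN, wired or wireless, and any shortfall places it in quarantine with the reasons recorded. The bulletin identifiers, host names, dates and the helper names are constructed sample data, not values from the deck.

```python
"""Client health check for a network access quarantine decision.

Added example (not Microsoft's code). Policy values, bulletin ids,
host names and dates below are constructed sample data.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class HealthPolicy:
    required_patches: FrozenSet[str]   # bulletin ids that must be installed
    max_signature_age_days: int        # AV signatures older than this fail
    require_firewall: bool             # host firewall must be enabled


@dataclass(frozen=True)
class ClientReport:
    host: str
    connection: str                    # "vpn", "wired" or "wireless"
    installed_patches: FrozenSet[str]
    av_signature_date: date
    firewall_enabled: bool


@dataclass(frozen=True)
class Decision:
    host: str
    connection: str
    admitted: bool
    reasons: Tuple[str, ...]           # empty when admitted


VALID_CONNECTIONS = frozenset({"vpn", "wired", "wireless"})


def evaluate(policy: HealthPolicy, report: ClientReport, today: date) -> Decision:
    """Apply the same requirements to every connection type; fail closed."""
    reasons: List[str] = []
    # A connection type the policy does not know is refused, not waved through.
    if report.connection not in VALID_CONNECTIONS:
        reasons.append(f"unknown connection type {report.connection!r}")
    # Patch level: every required bulletin must be present.
    for bulletin in sorted(policy.required_patches - report.installed_patches):
        reasons.append(f"missing patch {bulletin}")
    # AV signature level: a future-dated signature is unverifiable, so it fails.
    age = (today - report.av_signature_date).days
    if age < 0:
        reasons.append("AV signature date is in the future")
    elif age > policy.max_signature_age_days:
        reasons.append(
            f"AV signatures {age} days old (limit {policy.max_signature_age_days})"
        )
    # Firewall state.
    if policy.require_firewall and not report.firewall_enabled:
        reasons.append("host firewall disabled")
    return Decision(report.host, report.connection, not reasons, tuple(reasons))


def triage(policy: HealthPolicy, reports, today: date) -> Tuple[List[str], Dict[str, Tuple[str, ...]]]:
    """Split a batch of reports into admitted hosts and quarantined hosts with reasons."""
    decisions = [evaluate(policy, r, today) for r in reports]
    admitted = [d.host for d in decisions if d.admitted]
    quarantined = {d.host: d.reasons for d in decisions if not d.admitted}
    return admitted, quarantined


# Constructed sample policy and client reports.
TODAY = date(2004, 3, 1)
POLICY = HealthPolicy(
    required_patches=frozenset({"BULLETIN-A", "BULLETIN-B"}),
    max_signature_age_days=7,
    require_firewall=True,
)
SAMPLE_REPORTS = (
    ClientReport("laptop-01", "vpn", frozenset({"BULLETIN-A", "BULLETIN-B"}), date(2004, 2, 28), True),
    ClientReport("desk-07", "wired", frozenset({"BULLETIN-A"}), date(2004, 2, 27), True),
    ClientReport("laptop-12", "wireless", frozenset({"BULLETIN-A", "BULLETIN-B"}), date(2004, 2, 1), False),
)

if __name__ == "__main__":
    ok, held = triage(POLICY, SAMPLE_REPORTS, TODAY)
    print("admitted:", ok)
    for host, why in held.items():
        print(f"quarantine {host}: " + "; ".join(why))
```

The check is deliberately fail-closed: a connection type the policy does not recognise or a signature date in the future is recorded as a failure rather than skipped, which is the behaviour wanted from an admission control point that exists to keep infected machines off the network.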

Page 29:

Continue Improving Quality: Trustworthy Computing Release Process

Phases: Design; Development (M1, M2, Mn, Beta); Release; Support
Deliverables: Design docs & specifications; Development, testing & documentation; Product; Service Packs, QFEs

Security Review (Design): Each component team develops threat models, ensuring that design blocks applicable threats

Develop & Test: Apply security design & coding standards; Tools to eliminate code flaws (PREfix & PREfast); Monitor & block new attack techniques

Security Push: Team-wide stand down; Threat model updates, code review, test & documentation scrub

Security Audit: Analysis against current threats; Internal & 3rd party penetration testing

Security Response: Fix newly discovered issues; Root cause analysis to proactively find and fix related vulnerabilities

Page 30:

Continue Improving Quality

Critical or important vulnerabilities in the first …90 days / …180 days
TwC release? Yes: 3 / 6
TwC release? No: 8 / 21

Mandatory for all new products; for some widely-deployed, existing products

Service Pack 3, shipped July 2002, 16 months ago (as of Nov. 2003): 6 bulletins in 16 month period prior to TwC release; 1 bulletin since TwC release

Service Pack 3, shipped Jan. 2003, 10 months ago (as of Nov. 2003): 11 bulletins in 10 month period prior to TwC release; 2 bulletins since TwC release

Page 31:

Commitment to Customers

Patch Investments: Extended Support for NT4 Workstation SP6a & Windows 2000 SP2; Improved Patching Experience

Global Education Effort: WW 500,000 customers trained by June 2004; New Security “Expert Zone”

Security Innovations: Security technologies for Windows client; Security technologies for Windows server

www.microsoft.com/security/IT

Page 32:

Lockdown servers, workstations and network infrastructure

Design and deploy a proactive patch management strategy

Centralize policy and access management

www.microsoft.com/technet/security/bestprac

Page 33:

Continue Improving Quality: Making Progress

23 Products in the TwC Release Process

• .NET Framework (for 2002 & 2003)
• ASP.NET (for 2002 & 2003)
• Biztalk Server 2002 SP1
• Commerce Server 2000 SP4
• Commerce Server 2002 SP1
• Content Management Server 2002
• Exchange Server 2003
• Host Integration Server 2002
• Identity Integration Server 2003
• Live Communications Server 2003
• MapPoint.NET
• Office 2003
• Rights Mgmt Client & Server 1.0
• Services For Unix 3.0
• SQL Server 2000 SP3
• Visual Studio .NET 2002
• Visual Studio .NET 2003
• Virtual PC
• Virtual Server
• Windows CE (Magneto)
• Windows Server 2003
• Windows Server 2003 ADAM

Page 34:

Solutions

Identity Management: Integrated Identity Server Products and Services; Integration with Active Directory; Licensing; PIPEDA implications

Page 35:

Solutions

Perimeter Security: ISA 2000; ISA 2004

Page 36:

Security Solutions

Virus Information Alliance – Anti-Virus

Page 37:

Security Solutions

Rights Management

Page 38:

Security Solutions

Privacy and Compliance

Page 39:

Resources

General: http://www.microsoft.com/security
Technical Resources for IT Professionals: http://www.microsoft.com/technet/security
Best Practices for Defense in Depth: http://www.microsoft.com/technet/security/bestprac.asp
How Microsoft Secures Microsoft: http://www.microsoft.com/technet/itsolutions/msit/security/mssecbp.asp
MSDN Security Development Tools: http://msdn.microsoft.com/security/downloads/tools/default.aspx

Page 40:

Security Guidance for IT Pros

Available Now: 17 prescriptive books; How Microsoft secures Microsoft

Throughout 2004: More prescriptive & how-to guides; Tools & scripts to automate common tasks

Focused on operating a secure environment; Patterns & practices for defense in depth; Enterprise security checklist – the single place for authoritative security guidance

Page 41:

Resources: Enterprise Security Guidance

Design and Deploy a Proactive Patch Management Strategy
• Microsoft Guide to Security Patch Management: http://www.microsoft.com/technet/security/topics/patch

Lockdown Servers, Workstations and Network Infrastructure
• Microsoft Windows XP Security Guide Overview: http://www.microsoft.com/technet/security/prodtech/winclnt/secwinxp/default.asp
• Threats and Countermeasures Guides for Windows Server 2003 and Windows XP: http://www.microsoft.com/technet/security/topics/hardsys/TCG/TCGCH00.asp
• Windows Server 2003 Security: http://www.microsoft.com/technet/security/prodtech/win2003/w2003hg/sgch00.asp
• Securing your Network: http://msdn.microsoft.com/en-us/dnnetsec/html/THCMCh15.asp
• Perimeter Firewall Service Design: http://www.microsoft.com/technet/itsolutions/msa/msa20ik/VMHTMLPages/VMHtm57.asp
• Network Access Quarantine for Windows Server 2003: http://www.microsoft.com/windowsserver2003/techinfo/overview/quarantine.mspx

Centralize Policy and Access Management
• Microsoft Identity and Access Management Solution: http://www.microsoft.com/technet/security/topics/identity/idmanage
• Architecture, Deployment, and Management: http://www.microsoft.com/technet/security/topics/architec

Page 42:

Resources

Canada - Security Academy Initiative

Page 43:

3. Wrap-up

Microsoft WW

Special Announcement - Tour

Page 44:

Our commitment to you

Alignment around Security

Values and Benefits to You!

Page 45:

Timeline: 2003; Dec 2003; Jun 2004; Future

• Extended support
• Monthly patch releases
• Baseline guidance
• Community Investments
• Windows XP SP2
• Patching enhancements
• SMS 2003
• SUS 2.0
• Microsoft Update
• Broad training
• Windows Server 2003 SP1
• Security technologies
• Next generation inspection
• NGSCB Windows hardening
• Continued OS-level security technologies

Page 46:

Tour Announcement

TechNet / MSDN Security Forums: 10 cities starting in Toronto Feb 25 / 26. Be there with us. (dates as of Jan 28 – tentative!)

TechNet: Feb 26, Mar 09, Mar 10, Mar 16, Mar 17, Mar 24, Mar 30, Mar 31, Apr 06, Apr 07
MSDN: Feb 25, Mar 10, Mar 11, Mar 17, Mar 18, Mar 25, Mar 31, Apr 01, Apr 07, Apr 08

Page 47:

Q&A

Page 48:

Security and Microsoft

Carolyn Burke, MA, CISSP
Acting Senior Security Product Manager, Microsoft Canada

CEO, Integrity Incorporated

Page 49: