[ISN] Microsoft takes security class on the road

From: InfoSec News (isn@private)
Date: Thu Apr 08 2004 - 07:05:41 PDT

  • Next message: InfoSec News: "Re: [ISN] Firm invites experts to punch holes in ballot software"

    http://news.com.com/2100-7355_3-5186861.html
    
    By Robert Lemos 
    Staff Writer, CNET News.com
    April 7, 2004,
    
    Microsoft's on a mission to get technology pros to think harder about
    security.
    
    The software giant is sending executives to 20 cities across the
    United States to train developers and information system managers in
    how to better protect their systems. The free events, dubbed Security
    Summits, are the first step in Microsoft's plan to train 500,000
    information technology workers worldwide by the end of this year,
    according to Mike Nash, vice president for Microsoft's Security
    Business unit.
    
    "We want to make sure that customers have a security strategy," Nash
    said. "There were people that got hit with Slammer, and they go away
    and implement a security plan and then Blaster comes along and they
    said, 'Wow, that's a nonissue.' The hope (in holding these events) is
    to skip step one."
    
    The Security Summits kicked off in New York City on Tuesday with free
    day-long classes for network administrators and information-system
    managers. The seminar was repeated on Wednesday. The events attracted
    about 1,000 people each.
    
    The events are Microsoft's latest effort in its two-year-old
    Trustworthy Computing initiative. The software giant has taken major
    steps to elevate security concerns, such as delaying its next version
    of Windows in order to divert developers to a security update, known
    as Service Pack 2, for Windows XP.
    
    Chairman Bill Gates underscored Microsoft's commitment to better
    security in a public letter sent to customers last month. "Security is
    as big and important a challenge as any our industry has ever
    tackled," Gates wrote. "It is not a case of simply fixing a few
    vulnerabilities and moving on."
    
    However, Microsoft's focus on security has resulted in longer
    development times for patches for vulnerabilities in its products. The
    company has begun to de-emphasize patching as a security solution and
    has started urging companies to think more broadly about security
    instead, promoting the use of training and better network protection.
    
    At the Security Summit events, Microsoft customers can attend one of
    two tracks: one basic, the other for more advanced system
    administrators. The events include general sessions meant for
    information technology professionals and scheduled one-on-one meetings
    between executives from Microsoft and customer companies, Nash said.
    
    Microsoft plans to hold other events worldwide to train more IT
    professionals, to hit its half-million-person mark, according to Nash.
    
    Nash stressed that the Security Summit tour is only one step in
    Microsoft's security efforts and is not designed to provide a final
    solution to the online security woes that affect many companies.
    
    "500,000 people trained on security, that is a pretty good footing,"  
    he said. "But I don't think anyone believes...that the issue is going
    to be solved by the end of 2004."
    
    
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org
    



    This archive was generated by hypermail 2b30 : Thu Apr 08 2004 - 12:14:31 PDT