Information security is a very dynamic field: legislation keeps changing, technology keeps evolving, and the attacker community continues to be more sophisticated. This turmoil has forced security practitioners to think creatively to address some very difficult problems. Much of this innovation has been locked away within corporations as they have made isolated progress on issues like security metrics, security risk management frameworks, and security policy.
In order to address this discrepancy, Microsoft commissioned a whitepaper series to share key security innovations. Whitepaper topics came from participants in Microsoft’s CSO Council – a semi-annual gathering of security executives from leading global organizations who serve as advisors to Microsoft’s Trustworthy Computing group.
Our goal is to share practices “from-the-trenches” that address some of the toughest problems in security. After numerous interviews, discussions, and debates with these thought leaders, a collection of effective practices emerged. While much remains to be done, we hope these papers fuel the discussion and help facilitate further sharing in the field of IT security.