Global Security Best Practices Released

As part of the release of Volume 7 of its Security Intelligence Report (SIRv7), Microsoft has included security best practices from countries that have consistently exhibited low malware infection. These best practices and security intelligence reports provide a valuable resource for business leaders who need to make accurate decisions based on the threats that are most pressing today.

According to Microsoft, infection rates and threats vary geographically, and SIRv7 contains proven best practices from countries with the lowest infections. For example, infection rates in Japan, Austria, and Germany remained relatively low during this period. The following best practices provide insight into how security experts in these regions keep resources safe from cyber threats:

• Japan has seen its infection rates remain relatively low. One of the reasons is due in large part to collaborations such as the Cyber Clean Center, a cooperative project between ISPs, security vendors, and Japanese government agencies to educate users.
• Austria has implemented strict IT enforcement guidelines to lower piracy rates, and this -- along with strong ISP relationships and fast Internet lines, which aid in security-update deployment -- has helped ensure its generally low infection rate.
• Germany has also leveraged collaboration efforts with its computer emergency response team (CERT) and ISP communities to help identify and raise awareness of botnet infections and, in some cases, quarantine infected computers.

Central to each of these regions is the growing trend of community-based defense, in which the broader industry combines its collective strengths and intelligence to help defend computer users.

Microsoft also recommends that organizations use the data and guidance outlined in the Microsoft Security Intelligence Report to assess and improve their security practices. Among some of the proactive steps organizations can take are:

• Ensure that all third-party applications are being updated regularly by the vendor. Check the vendor's website to determine whether any updates have been released and whether they need to be applied to computers.
• Ensure that a customer's development team is using the Security Development Lifecycle (SDL), or similar software security assurance process.
• Ensure that policies are in place to help secure all file shares and regulate the use of removable media. Install AutoPlay update to help regulate automatic initiation of potentially dangerous removable media.

Posted by Jon Erickson at 12:28 PM  Permalink