Microsoft takes security class on the road

[InfoSec News <isn () c4i org>]

http://news.com.com/2100-7355_3-5186861.html

By Robert Lemos 
Staff Writer, CNET News.com
April 7, 2004,

Microsoft's on a mission to get technology pros to think harder about
security.

The software giant is sending executives to 20 cities across the
United States to train developers and information system managers in
how to better protect their systems. The free events, dubbed Security
Summits, are the first step in Microsoft's plan to train 500,000
information technology workers worldwide by the end of this year,
according to Mike Nash, vice president for Microsoft's Security
Business unit.

"We want to make sure that customers have a security strategy," Nash
said. "There were people that got hit with Slammer, and they go away
and implement a security plan and then Blaster comes along and they
said, 'Wow, that's a nonissue.' The hope (in holding these events) is
to skip step one."

The Security Summits kicked off in New York City on Tuesday with free
day-long classes for network administrators and information-system
managers. The seminar was repeated on Wednesday. The events attracted
about 1,000 people each.

The events are Microsoft's latest effort in its two-year-old
Trustworthy Computing initiative. The software giant has taken major
steps to elevate security concerns, such as delaying its next version
of Windows in order to divert developers to a security update, known
as Service Pack 2, for Windows XP.

Chairman Bill Gates underscored Microsoft's commitment to better
security in a public letter sent to customers last month. "Security is
as big and important a challenge as any our industry has ever
tackled," Gates wrote. "It is not a case of simply fixing a few
vulnerabilities and moving on."

However, Microsoft's focus on security has resulted in longer
development times for patches for vulnerabilities in its products. The
company has begun to de-emphasize patching as a security solution and
has started urging companies to think more broadly about security
instead, promoting the use of training and better network protection.

At the Security Summit events, Microsoft customers can attend one of
two tracks: one basic, the other for more advanced system
administrators. The events include general sessions meant for
information technology professionals and scheduled one-on-one meetings
between executives from Microsoft and customer companies, Nash said.

Microsoft plans to hold other events worldwide to train more IT
professionals, to hit its half-million-person mark, according to Nash.

Nash stressed that the Security Summit tour is only one step in
Microsoft's security efforts and is not designed to provide a final
solution to the online security woes that affect many companies.

"500,000 people trained on security, that is a pretty good footing,"  
he said. "But I don't think anyone believes...that the issue is going
to be solved by the end of 2004."



_________________________________________
ISN mailing list
Sponsored by: OSVDB.org