Microsoft on Tuesday released updated versions of white papers focused on software supply chain security and critical infrastructure protection.
According to Kevin Sullivan, Principal Security Strategist, Trustworthy Computing at Microsoft, the papers draw on Microsoft’s policies and practices that involve regular assessments of the security challenges facing its customers and their operations.
The two updated whitepapers, as described by Sullivan, include:
Toward a Trusted Supply Chain: A Risk Based Approach to Managing Software Integrity (PDF) – This paper describes Microsoft’s framework for incorporating software integrity risk-management practices in both the product development process and online services operations. The paper first presents an overview of our approach to providing risk-based protection for the integrity of Microsoft’s software during development and distribution. It then presents the details of our approach to assessing the risks to the supply chain and determining where to apply security controls. Finally, the paper summarizes some of the specific controls that we rely on to protect the integrity of our software products.
Critical Infrastructure Protection: Concepts and Continuum (PDF) – Draws upon our work with critical infrastructure owners and operators, coupled with our more than three decades of experience with our own internal systems. Modern life is increasingly reliant on a wide-ranging set of functions, services, systems, and assets, commonly referred to as infrastructures. Governments view several of these infrastructures, such as mcommunications, banking, energy, transportation, and healthcare, as critical, since their disruption, destruction, or loss of integrity can impact a nation’s stability. We’ve found that that effective critical infrastructure protection efforts share three core principles: trustworthy policies and plans; resilient operations; and innovative investments. This paper describes how these principles, enabled by trusted collaboration, form a continuum for protecting critical infrastructure.
For additional white papers and security resources visit SecurityWeek’s comprehensive white paper library.
For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
More from Mike Lennon
- Watch Now: Threat Detection and Incident Response Virtual Summit
- Registration Now Open: 2023 ICS Cybersecurity Conference | Atlanta
- NetRise Adds $8 Million in Funding to Grow XIoT Security Platform
- Virtual Event Today: Zero Trust Strategies Summit
- Virtual Event Tomorrow: Zero Trust Strategies Summit
- Watch: How to Build Resilience Against Emerging Cyber Threats
- Video: How to Build Resilience Against Emerging Cyber Threats
- Webinar Today: Understanding Hidden Third-Party Identity Access Risks
Latest News
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation
- Google Cloud Users Can Now Automate TLS Certificate Lifecycle
- Zyxel Firewalls Hacked by Mirai Botnet
- Watch Now: Threat Detection and Incident Response Virtual Summit
- NCC Group Releases Open Source Tools for Developers, Pentesters
- Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
