Douglas Lee
Regional Security Manager, Microsoft Worldwide Security Centre of Excellence (SCOE)

This session provides an update on the progress of Microsoft Trustworthy Computing Initiatives since its launch by Microsoft Chairman and Chief Software Architect, Bill Gates, in January 2002. It also includes highlights on Microsoft's security strategy, the latest deliverables and roadmaps for meeting the various security challenges in enterprises and home computing requirements, including anti-spyware, network quarantines, and information rights management.

Security is a cornerstone in the IT strategy of all forward-looking enterprises, irrespective of size. With a business eco-system that is rapidly undergoing change in the way it conducts day to day business, IT planners are challenged to match network infrastructure to evolving business needs. Enabling business growth is now fundamental to any IT roadmap. This presentation will highlight the trends in the world of communications and how these, in turn, are driving new developments in network security.

In an age of greater accountability and transparency, companies are assessing their Corporate Governance in Information Security. A series of increasingly alarming online threats have moved the issue from being the preserve of the IT department alone up to the level of the board. Viruses, spam, spyware, and phishing constitute serious 'inbound' concerns. Allied to this are outbound threats. A recent SurfControl survey ranked confidential information leakage as the major content issue facing corporations after spam. The first step towards security management is identifying the risk and then controlling it. Mark Trudinger will explain the necessity of a clear Acceptable Use Policy, and discuss the risks that content pose to company security.

For quite a while, IT practitioners, vendors and governments have been stressing the importance of having a holistic, updated and tested business continuity and disaster recovery (BCDR) plan for businesses. As a result, today we are seeing a variety of best practices and guidelines for BCDR planning in the marketplace. But have all these efforts resulted in a more resilient IT infrastructure for businesses?In his presentation, Mr. Willie Low will be sharing IDC latest research on the state of affairs regarding Asia/Pacific companies' BCDR architecture. Covering 16 industries across 12 countries, the presentation reviews if businesses today are doing what they should? What works for SMBs and enterprises distinctly? And crucially, what still needs to be done?

We often hear that security is a journey, not a destination. This is very true. New threats today, that weren't there before, include spams, vulnerabilities, spy-wares, new attacks, new worms. The need to educate users and to meet industry governors does not make it any easier.

Governments, corporations and individuals all hate SPAM, so why does it persist? The answer lies in the fact that while reviled by everyone, advertising via SPAM remains and effective tool for selling everything from discounted brokerage services to generic medicines. Legislation and corporate policy will go only so far in restricting SPAM. While a market economy may be giving life to the SPAM epidemic, it will also ultimately be the cause of it¡¯s demise.

Many organizations believe that they are well protected from external security vulnerabilities such as hacking and web based virus attacks. With workplace use of instant messaging, interactive games, and streaming media on the rise, the office has become an instant door opener for invasive an potentially damaging enemies such as Spyware, Phishing scams, Keyloggers, Malicious Code, and Web Based Viruses. Providing access to the Internet without protection opens the floodgates of potentially dangerous online threats to the organization. The Websense presentation will examine an array of strategies to combat the most dangerous emerging online security threats.

As networks continue to proliferate and increase in technical complexity, the methods used to compromise the security and integrity of various networks are becoming equally complex. There has been a lot of concern over the vulnerabilities in wireless networks and many organisations are also very interested in the levels of security offered in emerging VoIP networks and converged applications. In this presentation Keith will provide an overview of the latest threats faced by network administrators - across all network types - and he will provide some thought provoking ideas in some of the keys areas that need to be closely reviewed and monitored, to ensure that the integrity, confidentiality and availability of network resources and converged applications meets an organisation's evolving security expectations. Keith will also discuss some of the latest research being undertaken by Bell Labs in the area of network security and he will highlight how the Bell Labs 72 point network security architecture model became the ITU-T x.805 standard and how it will soon become ISO-18028 - and what the relevance and adoption of that standard will mean to your organisation is designing, auditing and maintaining end-to-end network security.

In 2005 companies throughout Asia are expected to spend 17% of their IT budget on information security. Many organizations are increasing their IT spending on proper security measures that will ensure business continuity. System downtime can cost companies millions of dollars in lost business and productivity. Business disruption and security breaches continue to be the top security concern facing businesses both large and small. In this session delegates will learn how they can protect their business by applying intelligent, multi layer security solutions to minimize disruptions due to security breaches, optimize worker productivity with secure access, and ensure system uptime.

Most IT security managers today are facing an information overload of security vulnerabilities and alerts. At the same time, security is getting more and more complex with new additions to the traditional paradigm of firewalls and intrusion detection systems. For instance, today we are seeing application level security such as content security and email security. Thus, the crux of the problem is to analyze the information and sieve through those that are relevant only. Our proposal here is to use business intelligence technology on IT security so to focus on specific vulnerabilities and threats rather than trying to do everything. The G-TEC lab research, Internet Weather Forecast Centre (IWFC), focuses on this problem. Through a community effort, it attempts to provide free and abbreviated information on "weather" of the local Internet - is a storm rising or is it another day of fine weather? As a result, imminent threat from a (potential) worm outbreak can be mitigated much earlier due to such sensors setup by IWFC.