https://community.isc2.org/t5/Industry-News/Scathing-federal-report-rips-Microsoft-for-shoddy-security/m-p/69259#M6836 <P>HI All</P><P>&nbsp;</P><P>Another piece about the Microsoft issue:&nbsp; A lot of questions to ask our respective Governments:</P><P>&nbsp;</P><P><A href="https://www.theregister.com/2024/04/05/microsoft_government_contracts/?utm_source=daily&amp;utm_medium=newsletter&amp;utm_content=article" target="_blank">https://www.theregister.com/2024/04/05/microsoft_government_contracts/?utm_source=daily&amp;utm_medium=newsletter&amp;utm_content=article</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Mon, 08 Apr 2024 03:32:12 GMT Caute_cautim 2024-04-08T03:32:12Z https://community.isc2.org/t5/Industry-News/Scathing-federal-report-rips-Microsoft-for-shoddy-security/m-p/69030#M6822 <P>Hi All</P><P>&nbsp;</P><P>Now would you put all your eggs into the same basket?&nbsp;</P><P>&nbsp;</P><P><A href="https://apnews.com/article/microsoft-cybersecurity-hack-raimondo-breach-b0901a93cca2ffaf05edacbfb9ecf3da" target="_blank" rel="noopener">https://apnews.com/article/microsoft-cybersecurity-hack-raimondo-breach-b0901a93cca2ffaf05edacbfb9ecf3da</A></P><P>&nbsp;</P><P><A href="https://www.cisa.gov/sites/default/files/2024-04/CSRB_Review_of_the_Summer_2023_MEO_Intrusion_Final_508c.pdf" target="_blank" rel="noopener">https://www.cisa.gov/sites/default/files/2024-04/CSRB_Review_of_the_Summer_2023_MEO_Intrusion_Final_508c.pdf</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Wed, 03 Apr 2024 23:18:20 GMT https://community.isc2.org/t5/Industry-News/Scathing-federal-report-rips-Microsoft-for-shoddy-security/m-p/69030#M6822 Caute_cautim 2024-04-03T23:18:20Z https://community.isc2.org/t5/Industry-News/Scathing-federal-report-rips-Microsoft-for-shoddy-security/m-p/69031#M6823 A failure cascade,<BR />Systemically flawed,<BR />Fit for purpose? No.<BR /><BR />Knowing this, how many boards can justify using Microsoft for Office, Email, Storage, LLMs, IaaS, Databases, BI et Al?<BR /><BR />How is the status quo justified? The writing might be on the wall but those charged with the responsibility of protecting their companies don’t seem to be reading it…<BR /><BR />At the very least companies reliant on IP for their success should be seriously considering alternatives. Wed, 03 Apr 2024 23:45:11 GMT https://community.isc2.org/t5/Industry-News/Scathing-federal-report-rips-Microsoft-for-shoddy-security/m-p/69031#M6823 Early_Adopter 2024-04-03T23:45:11Z https://community.isc2.org/t5/Industry-News/Scathing-federal-report-rips-Microsoft-for-shoddy-security/m-p/69032#M6824 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/797288093">@Early_Adopter</a>&nbsp;&nbsp;</P><P>&nbsp;</P><P>Government policies - go for the discounts best value for money?&nbsp; Does it pay off in the end, when things like this occur?&nbsp;&nbsp;</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Thu, 04 Apr 2024 00:19:40 GMT https://community.isc2.org/t5/Industry-News/Scathing-federal-report-rips-Microsoft-for-shoddy-security/m-p/69032#M6824 Caute_cautim 2024-04-04T00:19:40Z https://community.isc2.org/t5/Industry-News/Scathing-federal-report-rips-Microsoft-for-shoddy-security/m-p/69033#M6825 Yeah, mostly rhetorical, as in we know the answer, however we probably require someone to regulate the service provider… do we know if Google is any better? Or just not worth attacking yet as not enough customers..? Thu, 04 Apr 2024 00:24:36 GMT https://community.isc2.org/t5/Industry-News/Scathing-federal-report-rips-Microsoft-for-shoddy-security/m-p/69033#M6825 Early_Adopter 2024-04-04T00:24:36Z https://community.isc2.org/t5/Industry-News/Scathing-federal-report-rips-Microsoft-for-shoddy-security/m-p/69061#M6830 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/797288093">@Early_Adopter</a>&nbsp;&nbsp;&nbsp; This also suggests that NIST SP800 53 R5 or NIST Cybersecurity Framework including SOC 1, SOC 2 reviews are inadequate for these circumstances - more rigorous measures need to be put in place and not precluding penalties or legal cases.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Thu, 04 Apr 2024 19:09:16 GMT https://community.isc2.org/t5/Industry-News/Scathing-federal-report-rips-Microsoft-for-shoddy-security/m-p/69061#M6830 Caute_cautim 2024-04-04T19:09:16Z https://community.isc2.org/t5/Industry-News/Scathing-federal-report-rips-Microsoft-for-shoddy-security/m-p/69194#M6831 Frankly I think at this stage we need to have massive increase to scope, depth and frequency on penetration testing.<BR /><BR />Another concern is the temptation to shortcut for profits. We do need separation - you design it … ok you don’t build it, … you built it you don’t run it… you run it? We get someone else to test.<BR /><BR />This last, the security testing needs to embrace all the techniques out there, be continuous and there needs to be a live score running for the consumers. Ubique Fri, 05 Apr 2024 08:43:44 GMT https://community.isc2.org/t5/Industry-News/Scathing-federal-report-rips-Microsoft-for-shoddy-security/m-p/69194#M6831 Early_Adopter 2024-04-05T08:43:44Z https://community.isc2.org/t5/Industry-News/Scathing-federal-report-rips-Microsoft-for-shoddy-security/m-p/69250#M6835 <P>Hi All</P><P>&nbsp;</P><P>This is an interesting consolidation on the Microsoft security issue:</P><P>&nbsp;</P><P><A href="https://www-securityweek-com.cdn.ampproject.org/c/s/www.securityweek.com/microsofts-security-chickens-have-come-home-to-roost/amp/" target="_blank">https://www-securityweek-com.cdn.ampproject.org/c/s/www.securityweek.com/microsofts-security-chickens-have-come-home-to-roost/amp/</A></P><P>&nbsp;</P><P>This could take years to resolve from a cultural perspective, certainly not overnight.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P><P>&nbsp;</P> Sun, 07 Apr 2024 20:01:29 GMT https://community.isc2.org/t5/Industry-News/Scathing-federal-report-rips-Microsoft-for-shoddy-security/m-p/69250#M6835 Caute_cautim 2024-04-07T20:01:29Z https://community.isc2.org/t5/Industry-News/Scathing-federal-report-rips-Microsoft-for-shoddy-security/m-p/69259#M6836 <P>HI All</P><P>&nbsp;</P><P>Another piece about the Microsoft issue:&nbsp; A lot of questions to ask our respective Governments:</P><P>&nbsp;</P><P><A href="https://www.theregister.com/2024/04/05/microsoft_government_contracts/?utm_source=daily&amp;utm_medium=newsletter&amp;utm_content=article" target="_blank">https://www.theregister.com/2024/04/05/microsoft_government_contracts/?utm_source=daily&amp;utm_medium=newsletter&amp;utm_content=article</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Mon, 08 Apr 2024 03:32:12 GMT https://community.isc2.org/t5/Industry-News/Scathing-federal-report-rips-Microsoft-for-shoddy-security/m-p/69259#M6836 Caute_cautim 2024-04-08T03:32:12Z https://community.isc2.org/t5/Industry-News/Scathing-federal-report-rips-Microsoft-for-shoddy-security/m-p/69265#M6837 Yup, takes a while to turn that mindship around. Mon, 08 Apr 2024 11:07:56 GMT https://community.isc2.org/t5/Industry-News/Scathing-federal-report-rips-Microsoft-for-shoddy-security/m-p/69265#M6837 Early_Adopter 2024-04-08T11:07:56Z https://community.isc2.org/t5/Industry-News/Scathing-federal-report-rips-Microsoft-for-shoddy-security/m-p/69292#M6839 <P>Hi All</P><P>&nbsp;</P><P>Have a look at this subsequent analysis too:</P><P>&nbsp;</P><P><A href="https://accelerationeconomy.com/cloud-wars/microsoft-cybersecurity-disaster-triggers-customer-doubt-competitor-opportunity/" target="_blank">https://accelerationeconomy.com/cloud-wars/microsoft-cybersecurity-disaster-triggers-customer-doubt-competitor-opportunity/</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Tue, 09 Apr 2024 04:37:50 GMT https://community.isc2.org/t5/Industry-News/Scathing-federal-report-rips-Microsoft-for-shoddy-security/m-p/69292#M6839 Caute_cautim 2024-04-09T04:37:50Z