I spend a lot of time in this blog talking about server and client OS security. However, there’s a lot more to security than just the server and client operating systems. OK, we also spend a lot of time on network security. But outside of network and OS security what else is there? Application Security. While great strides have been made at increasing OS and network security, application security is improving more slowly. That’s why many of the most effective attacks today are not targeted at the network or OS, but at the networked applications running on the operating system.

One exception to this is Office 2007. Office 2007 applications were developed using the Security Development Lifecycle method of software development. Because of this, they were designed with security in mind from the ground up. Old code was reviewed, triaged and rewritten as required. New features were built from the ground up with security injected at each phase of software development. In addition to the SDL development process, Office 2007 was built with SD3+C: secure in design, secure in development and secure in deployment, with communications channels open to insure ongoing security support and updating.

To help with the secure in deployment, Microsoft has created the Office 2007 Security Guide. This guide shows you how to securely deploy Office, how to make the best use of security features in Office 2007 applications, and how to take advantage of Office 2007 Group Policy extensions to scale your Office 2007 application security.

Check out the Office 2007 Security Guide at:

HTH,

Tom

Thomas W Shinder, M.D.
Site: http://www.isaserver.org/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW BOOK! Go to http://tinyurl.com/2gpoo8
Email: tshinder@isaserver.org
MVP — Microsoft Firewalls (ISA)