49. What is the Common Attack Pattern Enumeration and Classification (CAPEC) and why are information security policies and procedures so important today, and do you offer comprehensive I.T. security documentation?

The Common Attack Pattern Enumeration and Classification (CAPEC), according to http://capec.mitre.org/, is a community-developed list of common attack patterns along with a comprehensive schema and classification taxonomy. Attack patterns are descriptions of common methods for exploiting software systems, and such exploitation is becoming increasingly common in today’s world of information security as malicious individuals constantly seek to exploit vulnerabilities in software development. For developers, building software with adequate levels of security is becoming an extremely challenging task, one that requires a sincere commitment to secure coding techniques.

CAPEC, sponsored by the United States Department of Homeland Security, seeks to provide a publicly available catalog of attack patterns along with a comprehensive schema and classification taxonomy. CAPEC, like many other MITRE platforms, has a number of associated community-driven projects and platforms, all generally relating to best practices regarding the broader topic of information security.

Information Security Policies and Procedures

While on the topic of CAPEC and information security, it’s also important for organizations to effectively document their daily operational and security practices, which ultimately requires developing comprehensive, enterprise-wide policy and procedural material. Not only are policies and procedures mandated for regulatory compliance, they also make sense from a best-practices security perspective. FLANK, a global leader in security documentation, offers the FLANK21 set of operational, business-specific, and information security policies, procedures, forms, checklists, templates, provisioning and hardening documents, and more, for sale and download. Containing hundreds of essential compliance and security forms, the FLANK21 set of documents is a must-have for organizations serious about information security.

Information Security Policies for Compliance for Download

CAPEC is an essential component of the growing number of platforms within the broader scope of information security seeking to ensure confidentiality, integrity and availability (CIA) – the essential I.S. triad. Yet another important component of CIA is having documented information security policies and procedures in place – such as those offered by securitypolicyportal.com.