43. What is Malware (MAEC) and why are information security policies and procedures so important today and do you offer comprehensive I.T. security documentation?

When one thinks of malware, it’s often about malicious software, and rightfully so, but the MAEC, at http://maec.mitre.org/ is also a very important concept that I.T. professionals should be aware of. More specifically, MAEC is a standardized language for actually encoding and communicating high-fidelity information regarding malware, based upon attributes such as behaviors, artifacts, and attack patterns. Additionally MAEC has in place the following three (3) community-developed components for defining standardized MAEC Language:

  • Element dictionaries.
  • Schemas for defining vocabulary syntax.
  • Standard output formats based on schemas.

MAEC also has published numerous documents for helping individuals learn more about its platform, such as the following: An Introduction to the Malware Attribute Enumeration and Characterization White Paper. If malware is a serious concern to your organization – and it should be – then learn more about MAEC today at http://maec.mitre.org.

The Importance of Information Security Policies and Procedures

Fighting malware is an important information security initiative – especially in today’s treacherous world we all live in – but don’t forget the importance of documented policies and procedures. Operational and information security policies and procedures are not only a best-practices mandate that every organization should have in place, they’re also a strict requirement for today’s growing regulatory compliance mandates. That’s why FLANK has developed the FLANK21 set of operational, business specific, and information security documents – hundreds of policies, procedures, forms, checklists, templates, provisioning and hardening documents – and more.

Information Security Policies are a Must for Compliance

Malware initiatives, such as those from MAEC – and information security policies and procedures – they go together when it comes to ensuring the confidentiality, integrity, and availability (CIA) of one’s system resources.