46. What is the Trusted Automated Exchange of Indicator Information (TAXII) and why are information security policies and procedures so important today, and do you offer comprehensive I.T. security documentation?

Cyber security is a growing concern amongst all of us in today’s world, thus the ability to effectively combat malicious attacks that can severely damage critical infrastructure assets is fast becoming a top priority. Collecting, analyzing, and countering cyber security attacks is essential, but important intelligence must be gathered, assessed, and promptly disseminated throughout the broader security world, and that’s where the Trusted Automated Exchange of Indicator Information (TAXII) becomes essential. TAXII, according to http://taxii.mitre.org/ seeks to fill this void by enabling robust, secure exchanges of cyber threat information. Moreover, TAXII services and protocols have been designed to enhance interoperability of different cyber security solutions, while encouraging vendors to actively support TAXII initiatives within their cyber security products and services.

The goals of TAXII are the following:

  • Enabling of timely and secure sharing of threat information within and between cyber security communities.
  • Leveraging consensus standards and specifications for enabling sharing of actionable indicators throughout organizational, product and service boundaries.
  • Enabling robust, secure, and high-capacity exchanges of expressive sets of cyber threat information.
  • Supporting a broad and wide range of use cases and practices common to cyber threat information sharing communities.
  • Effectively leveraging existing mature standards as necessary and warranted.
  • To seek adoption by one or more international standards organizations as an accredited cybersecurity benchmark, standard, and/or framework.

Source: http://taxii.mitre.org/

The Importance of Information Security Policies and Procedures

Utilizing industry leading frameworks and platforms for better assessing one’s cyber security posture is a must for today’s I.T. organizations, and a healthy compliment to such initiatives are documented information security policies and procedures. From implementing best practices to meeting the endless mandates of regulatory compliance, policies and procedures help organizations in documenting their entire information systems architecture.  FLANK, a global leader of in the field of security and compliance offers the FLANK21 set of documents consisting of literally hundreds of operational, business specific, and information security policies, procedures, forms, checklists, templates, and provisioning hardening material.

Information Security Policies are Essential for Compliance

Available for purchase and immediate download, the FLANK21 set of forms contains numerous policies, procedures – and more – directly relating to cyber security and other critical information security issues.  Regulatory compliance and the need to secure an organization’s critical I.T. assets from cyber security threats are more important than ever, and it starts with putting in place enterprise-wide information security policies and procedures.