This management-level security guidance is policy oriented and focuses on managing the risk/benefit equation with regard to strategies for reducing malware in midsize businesses.