CISSP考试指南笔记:7.4 安全资源配置

provisioning is the set of all activities required to provide one or more new information services to a user or group of users.

At the heart of provisioning is the imperative to provide these services in a secure manner.

Asset Inventory


the most essential aspect of securing our information systems is knowing what it is that we are defending.

Tracking Hardware

The International Organization for Standardization published ISO/PAS 28000:2007 as a means for organizations to use a consistent approach to securing their supply chains.

The solution is to have a comprehensive monitoring process that actively searches for these devices and ensures compliance with your organization’s security policies.

Tracking Software

The solution to the software asset inventory problem is multifaceted. It starts with an assessment of the legitimate application requirements of the organization.

Here are some of the most widely accepted best practices:

  • Application whitelisting

  • Using Gold Masters

  • Enforcing the principle of least privilege

  • Automated scanning

剩余内容请关注本人公众号debugeeker, 链接为CISSP考试指南笔记:7.4 安全资源配置

已标记关键词 清除标记
相关推荐
©️2020 CSDN 皮肤主题: 大白 设计师:CSDN官方博客 返回首页