2 cissp ® Official Study Guide Eighth Edition



Download 19,3 Mb.
Pdf ko'rish
bet714/881
Sana08.04.2023
Hajmi19,3 Mb.
#925879
1   ...   710   711   712   713   714   715   716   717   ...   881
Bog'liq
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Sandboxing
Sandboxing provides a security boundary for applications and prevents the application 
from interacting with other applications. Anti-malware applications use sandboxing tech-
niques to test unknown applications. If the application displays suspicious characteristics, 
the sandboxing technique prevents the application from infecting other applications or the 
operating system.
Application developers often use virtualization techniques to test applications. They cre-
ate a virtual machine and then isolate it from the host machine and the network. They are 
then able to test the application within this sandbox environment without affecting any-
thing outside the virtual machine. Similarly, many anti-malware vendors use virtualization 
as a sandboxing technique to observe the behavior of malware.
Third-Party Security Services
Some organizations outsource security services to a third party, which is an individual or 
organization outside the organization. This can include many different types of services 
such as auditing and penetration testing.
In some cases, an organization must provide assurances to an outside entity that third-
party service providers comply with specific security requirements. For example, organiza-
tions processing transactions with major credit cards must comply with the Payment Card 
Industry Data Security Standard (PCI DSS). These organizations often outsource some of 
the services, and PCI DSS requires organizations to ensure that service providers also com-
ply with PCI DSS requirements. In other words, PCI DSS doesn’t allow organizations to 
outsource their responsibilities.
Some software as a service (SaaS) vendors provide security services via the cloud. For 
example, Barracuda Networks include cloud-based solutions similar to next-generation fire-
walls and UTM devices. For example, their Web Security Service acts as a proxy for web 
browsers. Administrators configure proxy settings to access a cloud-based system, and it 
performs web filtering based on the needs of the organization. Similarly, they have a cloud-
based Email Security Gateway that can perform inbound spam and malware filtering. It 
can also inspect outgoing traffic to ensure that it complies with an organization’s data loss 
prevention policies.

Download 19,3 Mb.

Do'stlaringiz bilan baham:
1   ...   710   711   712   713   714   715   716   717   ...   881



Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2024
ma'muriyatiga murojaat qiling
kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha

yuklab olish