Page 1231 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

sandboxing technique prevents the application from infecting other
               applications or the operating system.

               Application developers often use virtualization techniques to test
               applications. They create a virtual machine and then isolate it from the
               host machine and the network. They are then able to test the
               application within this sandbox environment without affecting
               anything outside the virtual machine. Similarly, many anti-malware
               vendors use virtualization as a sandboxing technique to observe the
               behavior of malware.


               Third-Party Security Services

               Some organizations outsource security services to a third party, which
               is an individual or organization outside the organization. This can
               include many different types of services such as auditing and
               penetration testing.

               In some cases, an organization must provide assurances to an outside
               entity that third-party service providers comply with specific security
               requirements. For example, organizations processing transactions
               with major credit cards must comply with the Payment Card Industry
               Data Security Standard (PCI DSS). These organizations often
               outsource some of the services, and PCI DSS requires organizations to
               ensure that service providers also comply with PCI DSS requirements.
               In other words, PCI DSS doesn’t allow organizations to outsource their
               responsibilities.

               Some software as a service (SaaS) vendors provide security services via
               the cloud. For example, Barracuda Networks includes cloud-based
               solutions similar to next-generation firewalls and UTM devices. Their
               Web Security Service, for instance, acts as a proxy for web browsers.
               Administrators configure proxy settings to access a cloud-based
               system, and it performs web filtering based on the needs of the
               organization. Similarly, they have a cloud-based Email Security
               Gateway that can perform inbound spam and malware filtering. It can
               also inspect outgoing traffic to ensure that it complies with an
               organization’s data loss prevention policies.


               Penetration Testing