Page 597 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
theft outside an organization’s premises).
It’s essential to separate and isolate processes that run in user and
supervisory modes so that unauthorized and unwanted access to
high-privilege processes and capabilities is prevented.
Protection domains should be created so that compromise of a
client won’t automatically compromise an entire network.
Disks and other sensitive materials should be clearly labeled as to
their security classification or organizational sensitivity; procedural
processes and system controls should combine to help protect
sensitive materials from unwanted or unauthorized access.
Files on desktop machines should be backed up, as well as files on
servers—ideally, using some form of centralized backup utility that
works with client agent software to identify and capture files from
clients for storage in a secure backup archive.
Desktop users need regular training to maintain proper security
awareness; they also need to be notified about potential threats and
instructed on how to deal with them appropriately.
Desktop computers and their storage media require protection
against environmental hazards (temperature, humidity, power
loss/fluctuation, and so forth).
Desktop computers should be included in disaster recovery and
business continuity planning because they’re potentially as
important as (if not more important than) other systems and
services within an organization in getting their users back
to work on other systems.
Developers of custom software built in and for distributed
environments also need to take security into account, including
using formal methods for development and deployment, such as
code libraries, change control mechanisms, configuration
management, and patch and update deployment.
In general, safeguarding distributed environments means
understanding the vulnerabilities to which they’re subject and

