Page 630 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

support for communications encryption, but most can run add-on software (apps) that can add encryption to data sessions, voice calls, and/or video conferences.


Application Whitelisting

Application whitelisting (also called application allow listing or application control) is a security option that prohibits unauthorized software from executing. Whitelisting is an instance of deny by default, also known as implicit deny. In application security, whitelisting prevents any and all software, including malware, from executing unless it is on the preapproved exception list: the whitelist. Entries are usually expressed as cryptographic hashes of approved binaries, trusted code-signing publishers, or approved file paths.

This is a significant departure from the typical device-security stance, which is to allow by default and deny by exception (also known as blacklisting). A blacklist can only stop software that has already been identified as malicious, so a new or modified malware sample passes through it until a signature exists.

Due to the growth of malware, an application whitelisting approach is one of the few options remaining that shows real promise in protecting devices and data. However, no security solution is perfect, including whitelisting. Whitelisting solutions can be circumvented through kernel-level vulnerabilities and through application configuration issues, for example an overly broad path rule, or an approved script interpreter or installer that will execute whatever code it is handed, which extends the trust granted to the interpreter to any script an attacker can place on the device.
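The following is an added example, not code from the study guide, that puts the deny-by-default versus allow-by-default distinction into a small policy engine. It evaluates constructed process-launch events (file bytes stand in for real executables, and the paths, hashes and publisher names are all made up) against a hash-and-publisher whitelist and against a blacklist, and then exposes the configuration gap described above: an approved interpreter is allowed to run, but the script it was handed is never examined.

```python
"""Deny-by-default application control versus a blocklist, on constructed events.
Added illustration; the binaries, paths, publishers and hashes are all made up."""

import hashlib
from dataclasses import dataclass, field
from typing import List, Optional


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class LaunchEvent:
    path: str
    content: bytes                  # bytes of the executable being launched
    publisher: Optional[str] = None  # code-signing subject, None if unsigned
    cmdline: str = ""               # constructed command line of the launch

    @property
    def sha256(self) -> str:
        return sha256_of(self.content)


@dataclass
class Policy:
    mode: str                       # "allowlist" (deny by default) or "blocklist"
    allowed_hashes: set = field(default_factory=set)
    allowed_publishers: set = field(default_factory=set)
    blocked_hashes: set = field(default_factory=set)

    def decide(self, ev: LaunchEvent) -> str:
        if self.mode == "allowlist":
            # Deny by default: only an explicitly trusted hash or signer may run.
            trusted = (ev.sha256 in self.allowed_hashes
                       or ev.publisher in self.allowed_publishers)
            return "ALLOW" if trusted else "DENY"
        if self.mode == "blocklist":
            # Allow by default: only a hash already known to be bad is stopped.
            return "DENY" if ev.sha256 in self.blocked_hashes else "ALLOW"
        raise ValueError(f"unknown policy mode {self.mode!r}")


def evaluate(policy: Policy, events: List[LaunchEvent]) -> List[str]:
    """Decision per event, in the order the events were observed."""
    return [policy.decide(ev) for ev in events]


SCRIPT_EXTENSIONS = (".js", ".vbs", ".ps1", ".py", ".hta")


def unchecked_script_args(ev: LaunchEvent) -> List[str]:
    """Script files named on an allowed launch's command line. The hash and
    publisher rules only inspected the interpreter, so these scripts ran with
    no check at all: the configuration gap a whitelist rule on an interpreter opens."""
    tokens = [tok.strip('"') for tok in ev.cmdline.split()]
    return [tok for tok in tokens if tok.lower().endswith(SCRIPT_EXTENSIONS)]


# Constructed sample "binaries" (bytes stand in for real executables).
APPROVED_APP = b"MZ constructed-line-of-business-app v1.2"
INTERPRETER = b"MZ constructed-script-host"
MALWARE = b"MZ constructed-dropper-not-yet-in-any-blocklist"

# Constructed launch events, not real telemetry.
EVENTS = [
    LaunchEvent(r"C:\Program Files\LOB\lob.exe", APPROVED_APP, publisher="LOB Corp"),
    LaunchEvent(r"C:\Windows\System32\wscript.exe", INTERPRETER, publisher="Trusted OS Vendor"),
    LaunchEvent(r"C:\Users\alice\Downloads\invoice.exe", MALWARE),  # unsigned, unknown
    LaunchEvent(r"C:\Windows\System32\wscript.exe", INTERPRETER, publisher="Trusted OS Vendor",
                cmdline=r'wscript.exe "C:\Users\alice\Downloads\invoice.js"'),
]

ALLOWLIST = Policy("allowlist",
                   allowed_hashes={sha256_of(APPROVED_APP)},
                   allowed_publishers={"Trusted OS Vendor"})
BLOCKLIST = Policy("blocklist", blocked_hashes=set())  # dropper has no signature yet


if __name__ == "__main__":
    for name, policy in (("allowlist", ALLOWLIST), ("blocklist", BLOCKLIST)):
        print(f"--- {name} ---")
        for ev, decision in zip(EVENTS, evaluate(policy, EVENTS)):
            gap = unchecked_script_args(ev) if decision == "ALLOW" else []
            note = f"  (script never inspected: {gap})" if gap else ""
            print(f"{decision:5} {ev.path}{note}")
```

Run as a script it prints the two decision tables side by side: the whitelist stops the unknown dropper that the empty blacklist waves through, while both policies allow the signed script host, and the last event shows the script it executes was never part of the decision. Real products close that gap by also whitelisting scripts or by constraining what approved interpreters may load; the point of the example is only that a whitelist entry is a statement of trust in everything that entry can run.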


BYOD Concerns

Bring your own device (BYOD) is a policy that allows employees to bring their own personal mobile devices into work and use those devices to connect to (or through) the company network to business resources and/or the internet. Although BYOD may improve employee morale and job satisfaction, it increases security risk to the organization. If the BYOD policy is open-ended, any device is allowed to connect to the company network. Not all mobile devices support the security features an organization would require (such as storage encryption, enforced screen lock, or remote wipe), and thus such a policy allows noncompliant devices onto the production network. A BYOD policy that mandates specific devices may reduce this risk, but it may in turn require the company to purchase devices for employees who are unable to purchase their own compliant device. Many other BYOD concerns are discussed in the following sections.

There are several alternatives to a BYOD policy, including COPE (corporate owned, personally enabled), CYOD (choose your own device), corporate owned, and VDI (virtual desktop infrastructure).