Page 631 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 631

The concept of company-owned, personally enabled (COPE) is for the
               organization to purchase devices and provide them to employees. Each

               user is then able to customize the device and use it for both work
               activities and personal activities. COPE allows the organization to
               select exactly which devices are to be allowed on the organizational
               network—specifically only those devices that can be configured into
               compliance with the security policy.

               The concept of choose your own device (CYOD) provides users with a

               list of approved devices from which to select the device to implement.
               A CYOD can be implemented so that employees purchase their own
               devices from the approved list (a BYOD variant) or the company can
               purchase the devices for the employees (a COPE variant).

               A corporate-owned mobile strategy is when the company purchases
               the mobile devices that can support security compliance with the
               security policy. These devices are to be used exclusively for company

               purposes, and users should not perform any personal tasks on the
               devices. This often requires workers to carry a second device for
               personal use.

               Virtual desktop infrastructure (VDI) is a means to reduce the security
               risk and performance requirements of end devices by hosting virtual
               machines on central servers that are remotely accessed by users. VDI
               has been adopted into mobile devices and has already been widely

               used in relation to tablets and notebook computers. It is a means to
               retain storage control on central servers, gain access to higher levels of
               system processing and other resources, and allow lower-end devices
               access to software and services behind their hardware’s capacity.

               This has led to virtual mobile infrastructure (VMI), where the
               operating system of a mobile device is virtualized on a central server.
               Thus, most of the actions and activities of the traditional mobile device

               are no longer occurring on the mobile device itself. This remote
               virtualization allows an organization greater control and security than
               when using a standard mobile device platform. It can also enable
               personally owned devices to interact with the VDI without increasing
               the risk profile. This concept will require a dedicated isolated wireless
               network to restrict BYOD devices from interacting directly with
   626   627   628   629   630   631   632   633   634   635   636