Page 663 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 663

information from being read from a different security level. Hardware
               segmentation enforces process isolation with physical controls.

               Understand how a security policy drives system design,

               implementation, testing, and deployment. The role of a security
               policy is to inform and guide the design, development,
               implementation, testing, and maintenance of some particular system.

               Understand cloud computing. Cloud computing is the popular
               term referring to a concept of computing where processing and storage
               are performed elsewhere over a network connection rather than
               locally. Cloud computing is often thought of as Internet-based

               computing.

               Understand the risks associated with cloud computing and
               virtualization. Cloud computing and virtualization, especially when
               combined, have serious risks associated with them. Once sensitive,
               confidential, or proprietary data leaves the confines of the
               organization, it also leaves the protections imposed by the

               organizational security policy and resultant infrastructure. Cloud
               services and their personnel might not adhere to the same security
               standards as your organization.

               Understand hypervisors. The hypervisor, also known as the virtual
               machine monitor (VMM), is the component of virtualization that
               creates, manages, and operates the virtual machines.

               Know about the type I hypervisor. A type I hypervisor is a native

               or bare-metal hypervisor. In this configuration, there is no host OS;
               instead, the hypervisor installs directly onto the hardware where the
               host OS would normally reside.

               Know about the type II hypervisor. A type II hypervisor is a
               hosted hypervisor. In this configuration, a standard regular OS is
               present on the hardware, and the hypervisor is then installed as
               another software application.

               Define CASB. A cloud access security broker (CASB) is a security

               policy enforcement solution that may be installed on-premises, or it
               may be cloud based.

               Understand SECaaS. Security as a service (SECaaS) is a cloud
   658   659   660   661   662   663   664   665   666   667   668