Page 664 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 664

provider concept in which security is provided to an organization
               through or by an online entity.

               Understand smart devices. A smart device is a range of mobile

               devices that offer the user a plethora of customization options,
               typically through installing apps, and may take advantage of on-device
               or in-the-cloud artificial intelligence (AI) processing.

               Comprehend IoT. The Internet of Things (IoT) is a new subcategory
               or maybe even a new class of devices connected to the internet in order
               to provide automation, remote control, or AI processing to traditional
               or new appliances or devices in a home or office setting.


               Understand mobile device security. Device security involves the
               range of potential security options or features that may be available for
               a mobile device. Not all portable electronic devices (PEDs) have good
               security features. PED security features include full device encryption,
               remote wiping, lockout, screen locks, GPS, application control, storage
               segmentation, asset tracking, inventory control, mobile device

               management, device access control, removable storage, and the
               disabling of unused features.

               Understand mobile device application security. The
               applications and functions used on a mobile device need to be secured.
               Related concepts include key management, credential management,
               authentication, geotagging, encryption, application whitelisting, and
               transitive trust/authentication.


               Understand BYOD. Bring your own device (BYOD) is a policy that
               allows employees to bring their own personal mobile devices to work
               and then use those devices to connect to (or through) the company
               network to business resources and/or the internet. Although BYOD
               may improve employee morale and job satisfaction, it increases
               security risks to the organization. Related issues include data
               ownership, support ownership, patch management, antivirus

               management, forensics, privacy, on-boarding/off-boarding, adherence
               to corporate policies, user acceptance, architecture/infrastructure
               considerations, legal concerns, acceptable use policies, and on-board
               cameras/video.
   659   660   661   662   663   664   665   666   667   668   669