CISSP考试指南笔记：7.4 安全资源配置

provisioning is the set of all activities required to provide one or more new information services to a user or group of users.

At the heart of provisioning is the imperative to provide these services in a secure manner.

Asset Inventory

the most essential aspect of securing our information systems is knowing what it is that we are defending.

Tracking Hardware

The International Organization for Standardization published ISO/PAS 28000:2007 as a means for organizations to use a consistent approach to securing their supply chains.

The solution is to have a comprehensive monitoring process that actively searches for these devices and ensures compliance with your organization’s security policies.

Tracking Software

The solution to the software asset inventory problem is multifaceted. It starts with an assessment of the legitimate application requirements of the organization.

Here are some of the most widely accepted best practices:

• Application whitelisting
• Using Gold Masters
• Enforcing the principle of least privilege
• Automated scanning