Implementation -> Infrastructure Hardening: Applications are running in virtualized environments
Risk and Opportunity
Risk: Through a vulnerability in one service on a server, the attacker gains access to other services running on the same server.
Opportunity: Applications are running in a dedicated and isolated virtualized environments.
Required knowledge: Medium (two disciplines)
Required time: Medium
Required resources (systems): Very High
OWASP SAMM 2 Mapping: o-environment-management|A|1
ISO27001:2017 Controls Mapping:
- virtual environments are not explicitly covered by ISO 27001 - too specific