A process in which you take a security standard for any system, app, or service that is considered secure and use it to create your own security benchmark.
Separately securing the baseline "gold" image to ensure its integrity.
Separating environments for increased security.
Development - Application development.
Test - Replicating production as much as possible.
Staging - Code preparation/consolidation.
Production - Where you do business. Very restricted access.
Sandboxing - A completely isolated test environment.
A safe execution environment for untrusted programs.
Allows programs and processes to be run in an isolated environment to limit access to files and the host system.
Example: Web Pages
Monitoring systems against the baseline for any deviations.
Examples: Tripwire, Hash Checking