登录查看更多内容

The roadmap

BuzzClan

Own the Solution

发布日期: 2022年12月12日

This is part V of the ZTA series, if you have not already done so, please bookmark the series so you can get to past and future vlogs

There are three different phases for implementing ZTA within your company.?

The first phase, Traditional, is for companies that have not yet implemented security measures with respect to ZTA - most likely, as you learn more about this ZTA you will realize that you are most likely not in this phase. If you do, we need to talk!!

The second phase, Advanced, is for companies that have some security measures in place. The third and final phase, Optimal, is for companies that have mature security practices.

?As ZTA applies across the five pillars -?

Identity
Device
Network
Application and?
Data?

- each of these areas may be in a different phase of implementation.?

Traditional:

In traditional systems, there are a lot of manual steps. You have to configure and assign attributes manually. Static security policies are in place, and incident response and mitigation deployment is also done manually. These systems rely on external systems a lot, so they can be very coarse-grained.

AMISEQ 2 个月前

My take on Zero Trust - SP 800-207

Alexandre BLANC Cyber Security 5 年前

Incident Response Life Cycle

Devo 2 年前

Advanced:

Centralized identity control and policy enforcement means that everyone has the same rules to follow. This makes it easier to keep track of what people are doing and to make sure that they are following the rules. Cross pillar coordination means that different parts of the systems work together. Limited automation in incident management means that we use machines to help us, but we still need people to do some of the work. And finally, least-privileged changes based on posture assessments means that we change how much access people have based on how safe we think they are.

Optimal:

The systems can automatically assign attributes to assets and resources. This helps us to give each asset the least amount of privileges it needs to function. We also use open standards so our system can work with other systems. And we keep a record of the system's state at all times, so we can audit what has happened in the past.

No alt text provided for this image — High level view of ZTA Maturity model

So where do you stand overall, or within the pillar which is in your sphere of influence?

In the next episodes, we will discuss these states as they apply to the 5 pillars in the Zero Trust Maturity Model

The roadmap

BuzzClan

Own the Solution

领英推荐

Zero Trust Architecture

5,944 位关注者

更多精彩文章

社区洞察

其他会员也浏览了

4-Hour Hands-On Incident Response Workshop w/ Patterson Cake

Building a Resilient Future: 2025 Roadmap for AI, Cybersecurity, and Risk Management

Will CMMC 2.0 change the rules for MSPs?

Monthly Newsletter - February 2023

Preparing For EU DORA

Accorian Newsletter September 2024

Free Webinar -HIPAA and Incident Response: How to Manage Security Incidents in a HIPAA-Compliant Environment

Mastering Timing for Optimal Incident Response

Comparing NIST, MARS-E, and HITRUST Audit Programs: Understanding Key Differences and Considerations in Control Frameworks

The new ISO 27002:2022

领英推荐

Zero Trust Architecture

5,944 位关注者

Foundational AI - Architecture

2023年11月27日

The evolution of security: From perimeter-based to zero trust

2023年4月14日

ZTA - The Recipe

2023年1月24日

The roadmap continued - Piller V - Data

2023年1月23日

The roadmap continued - Piller IV - Application workload

2023年1月20日

The roadmap continued - Piller III - Network/Environment

2023年1月17日

The roadmap continued - Piller II - Device

2023年1月13日

The roadmap continued - Piller I - Identity

2022年12月21日

Why adapt the Zero Trust Architecture

2022年12月5日

What is Zero Trust Architecture

2022年12月2日