
CISO Tradecraft: Zero Trust

CISO Tradecraft®

English - March 12, 2021 12:30 - 45 minutes - 62.1 MB - ★★★★★ - 46 ratings


Would you actually like to learn what Zero Trust is without a bunch of marketing jargon? On this week's episode, G Mark Hardy and Ross Young provide a thoughtful discussion of Zero Trust as described by NIST and Microsoft:

Microsoft's Zero Trust Principles
Verify Explicitly

Use Least Privileged Access

Assume Breach

NIST 800-207 Seven Tenets of Zero Trust
All data sources and computing services are considered resources

All communication is secured regardless of network location

Access to individual enterprise resources is granted on a per-session basis

Access to resources is determined by dynamic policy

The enterprise monitors and measures the integrity and security posture of all owned and associated assets

All resource authentication and authorization are dynamic and strictly enforced before access is allowed

The enterprise collects as much information as possible about the current state of assets, network infrastructure, and communication and uses it to improve its security posture

Six Foundational Elements of Zero Trust
Identities

Devices

Applications

Data

Infrastructure

Networks