Zero Trust Overview and Playbook Introduction

Zero Trust Overview and Playbook Introduction

by Mark Simos, Nikhil Kumar
Released October 2023
Publisher(s): Packt Publishing
ISBN: 9781800568662

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

Enhance your cybersecurity and agility with this thorough playbook, featuring actionable guidance, insights, and success criteria from industry experts

Key Features

  • Get simple, clear, and practical advice for everyone from CEOs to security operations
  • Organize your Zero Trust journey into role-by-role execution stages
  • Integrate real-world implementation experience with global Zero Trust standards
  • Purchase of the print or Kindle book includes a free eBook in the PDF format

Book Description

Zero Trust is cybersecurity for the digital era and cloud computing, protecting business assets anywhere on any network. By going beyond traditional network perimeter approaches to security, Zero Trust helps you keep up with ever-evolving threats.

The playbook series provides simple, clear, and actionable guidance that fully answers your questions on Zero Trust using current threats, real-world implementation experiences, and open global standards.

The Zero Trust playbook series guides you with specific role-by-role actionable information for planning, executing, and operating Zero Trust from the boardroom to technical reality.

This first book in the series helps you understand what Zero Trust is, why it’s important for you, and what success looks like. You’ll learn about the driving forces behind Zero Trust – security threats, digital and cloud transformations, business disruptions, business resilience, agility, and adaptability. The six-stage playbook process and real-world examples will guide you through cultural, technical, and other critical elements for success.

By the end of this book, you’ll have understood how to start and run your Zero Trust journey with clarity and confidence using this one-of-a-kind series that answers the why, what, and how of Zero Trust!

What you will learn

  • Find out what Zero Trust is and what it means to you
  • Uncover how Zero Trust helps with ransomware, breaches, and other attacks
  • Understand which business assets to secure first
  • Use a standards-based approach for Zero Trust
  • See how Zero Trust links business, security, risk, and technology
  • Use the six-stage process to guide your Zero Trust journey
  • Transform roles and secure operations with Zero Trust
  • Discover how the playbook guides each role to success

Who this book is for

Whether you’re a business leader, security practitioner, or technology executive, this comprehensive guide to Zero Trust has something for you. This book provides practical guidance for implementing and managing a Zero Trust strategy and its impact on every role (including yours!). This is the go-to guide for everyone including board members, CEOs, CIOs, CISOs, architects, engineers, IT admins, security analysts, program managers, product owners, developers, and managers. Don't miss out on this essential resource for securing your organization against cyber threats.

Table of contents

  1. Zero Trust Overview and Playbook Introduction
  2. Foreword
  3. Contributors
  4. About the authors
  5. About the reviewer
  6. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Conventions used
    5. Get in touch
    6. Share Your Thoughts
  7. Chapter 1: Zero Trust – This Is the Way
    1. Introducing Zero Trust
    2. Introducing the Zero Trust Playbook Series
      1. Common Zero Trust questions
    3. Summary
  8. Chapter 2: Reading the Zero Trust Playbook Series
    1. Reading strategies
    2. How we structured the playbooks
      1. Zero Trust Overview and Playbook Introduction
      2. Business and Technical Leadership Playbook
      3. Technical Topic Playbooks
      4. Futures
    3. Summary
  9. Chapter 3: Zero Trust Is Security for Today’s World
    1. Continuous change and why we need Zero Trust
    2. Changes come faster in the digital age
    3. Defining success in the digital age
    4. Technology accelerates change and complexity
      1. A darker trend – the growth of cybercrime
      2. Staying balanced – assume failure and assume success
      3. Cybersecurity or information security?
    5. Implications and imperatives of Zero Trust
      1. It’s a team sport
      2. Security must be agile
      3. Failure is not an option
    6. Dispelling confusion – frequently asked questions on Zero Trust
      1. Aren’t attackers just kids in their basements playing on computers?
      2. Shouldn’t security have solved this simple technical problem by now?
      3. Who are the attackers?
      4. Can’t we just arrest these criminals and put them in jail?
      5. Is this just a matter of spending more money?
      6. If I have a Zero Trust strategy and funding, can I make this go away quickly?
      7. Can we ever be completely safe? What should I do about it?
      8. Is this cyberwar?
      9. What are the most damaging attacks?
      10. What does success look like for security and Zero Trust?
      11. Why is Zero Trust so confusing?
      12. How do I know if something is Zero Trust?
    7. Summary
  10. Chapter 4: Standard Zero Trust Capabilities
    1. Consistency via a simple model and durable capabilities
    2. The Open Group Zero Trust Reference Model
      1. Security disciplines
      2. Digital ecosystems and business assets
    3. Key Zero Trust capabilities
      1. Capabilities as a common language of security
      2. Zero Trust capabilities reference
    4. Does Zero Trust include network security?
    5. Summary
  11. Chapter 5: Artificial Intelligence (AI) and Zero Trust
    1. What is AI?
    2. What will the impact of AI look like?
    3. What are the limitations of AI?
      1. AI models do not “understand” anything
      2. AI models reflect any biases in their data
    4. How can Zero Trust help manage AI security risk?
      1. Zero Trust – the top four priorities for managing AI risk
    5. How will AI impact Zero Trust?
    6. Summary
  12. Chapter 6: How to Scope, Size, and Start Zero Trust
    1. Agile security – think big, start small, move fast
      1. What is agile security?
      2. Applying agility in practice
      3. Focus on progress instead of perfection
      4. Always ruthlessly prioritize
      5. Myths and misconceptions that block security agility
      6. Pursuing perfect security is a delusion
      7. Pursuing perfect solutions is a perfect waste
      8. Perfect plans are perfectly fragile
    2. Scoping, sizing, and starting Zero Trust
      1. Will Zero Trust work in my organization?
      2. Is it better to go big or plan smaller projects?
      3. Large Zero Trust transformations are the most effective
      4. Good communication can catalyze executive sponsorship
      5. Starting small is sometimes required
      6. How do I ensure Zero Trust stays on track and continuously delivers value?
      7. What is the best place to start Zero Trust?
    3. Key terminology changes and clarification
      1. Newer terminology – technical estate
      2. Disambiguation – operations, operational, operating model, and so on
    4. Summary
  13. Chapter 7: What Zero Trust Success Looks Like
    1. Zero Trust success factors
    2. Factor one – clear strategy and plan
    3. Factor two – security mindset and culture shifts
      1. Security risk is business risk
      2. Security is a business enabler
      3. Security is everyone’s responsibility
      4. Security risk accountability starts at the top
      5. Assume compromise (assume breach)
      6. Explicit validation of trust
      7. Asset-centric and data-centric security
      8. Cybersecurity is a team sport
    4. Factor three – human empathy
      1. Zero Trust provides a competitive advantage
      2. Key cultural themes
    5. Summary
  14. Chapter 8: Adoption with the Three-Pillar Model
    1. Introduction to the three pillars
    2. Playbook structure
      1. Playbook layout
      2. The strategic pillar
      3. The operational pillar
      4. The operating model pillar
    3. Stitching it all together with the Zero Trust Playbook
      1. Zero Trust integration drives changes
    4. Summary
  15. Chapter 9: The Zero Trust Six-Stage Plan
    1. Overview of the six-stage plan
      1. Using the playbook stages effectively
    2. The playbook stages in detail
      1. Stage 1 – Establish a strategy
      2. Stage 2 – Set up an operating model
      3. Stage 3 – Create the architecture and model
      4. Stage 4 – Tailor to the business
      5. Stage 5 – Implement and improve
      6. Stage 6 – Continuously monitor and evolve
    3. Summary
  16. Chapter 10: Zero Trust Playbook Roles
    1. Role-based approach
      1. Integration of roles with the six-stage plan
      2. Zero Trust affects everyone
      3. Role definition and naming
    2. Illustrative list of roles
    3. Per-role guidance
      1. Role mission and purpose
      2. Role creation and evolution
      3. Key role relationships
      4. Required skills and knowledge
      5. Tooling and capabilities for each role
      6. Zero Trust impact and imperatives for each role
      7. Playbook-stage involvement for each role
      8. A day in the life of Zero Trust for each role
      9. Defining and measuring success
      10. Summary of per-role guidance
    4. Making it real
    5. Summary
    6. Book 1 summary
    7. What’s next in The Zero Trust Playbook Series
  17. Index
    1. Why subscribe?
  18. Other Books You May Enjoy
    1. Packt is searching for authors like you
    2. Share Your Thoughts

Product information

  • Title: Zero Trust Overview and Playbook Introduction
  • Author(s): Mark Simos, Nikhil Kumar
  • Release date: October 2023
  • Publisher(s): Packt Publishing
  • ISBN: 9781800568662