Implement Zero Trust initiatives efficiently and effectively
In Project Zero Trust: A Story About a Strategy for Aligning Security and the Business, George Finney, Chief Security Officer at Southern Methodist University, delivers an insightful and practical discussion of Zero Trust implementation. Presented in the form of a fictional narrative involving a breach at a company, the book tracks the actions of the company's new IT Security Director.
Readers will learn John Kindervag's 5-Step methodology for implementing Zero Trust, the four Zero Trust design principles, and how to limit the impact of a breach. They'll also find:
- Concrete strategies for aligning your security practices with the business
- Common myths and pitfalls when implementing Zero Trust and how to implement it in a cloud environment
- Strategies for preventing breaches that encourage efficiency and cost reduction in your company's security practices
Project Zero Trust is an ideal resource for aspiring technology professionals, as well as experienced IT leaders, network engineers, system admins, and project managers who are interested in or expected to implement zero trust initiatives.
Table of Contents
About the Author xi
Acknowledgments xiii
Foreword xv
Introduction xxi
Chapter 1: The Case for Zero Trust 1
Key Takeaways 10
Chapter 2: Zero Trust Is a Strategy 13
Key Takeaways 26
The Four Zero Trust Design Principles 27
The Five-Step
Zero Trust Design Methodology 27
The Zero Trust Implementation Curve 27
Chapter 3: Trust Is a Vulnerability 29
Key Takeaways 39
Chapter 4: The Crown Jewels 43
Key Takeaways 54
Chapter 5: The Identity Cornerstone 57
Key Takeaways 71
Chapter 6: Zero Trust DevOps 73
Key Takeaways 83
Chapter 7: Zero Trust SOC 87
Key Takeaways 100
Chapter 8: Cloudy with a Chance of Trust 103
Key Takeaways 113
Chapter 9: A Sustainable Culture 117
Key Takeaways 129
Chapter 10: The Tabletop Exercise 133
Key Takeaways 147
Chapter 11: Every Step Matters 151
Key Takeaways 159
Appendix A: Zero Trust Design Principles and Methodology 165
The Four Zero Trust Design Principles 165
The Five-Step Zero Trust Design Methodology 166
Appendix B: Zero Trust Maturity Model 167
Appendix C: Sample Zero Trust Master Scenario Events List 171
Appendix D: For Further Reading 179
Standards, Frameworks, and Other Resources 179
Case Studies 180
Google BeyondCorp Papers 180
Books 181
Hardening Guides 181
Glossary 183
Index 191
