
Cyber Nuggets, Episode 005: Zero Trust, with Umar Chris Carter
In this Cyber Nuggets conversation, the following key areas and questions were addressed:
Is zero trust a tool, concept or strategy?
How can zero trust be implemented?
What are the challenges associated with zero trust?
What are the pros and cons?
Is zero trust the solution to our information security challenges?
The Kipling Method, inspired by Rudyard Kipling's poem "I Keep Six Honest Serving-Men," is a problem-solving framework that employs six fundamental questions: Who, What, When, Where, Why, and How. In the context of Zero Trust security, this method is applied to develop comprehensive access policies by addressing these questions:
Who: Identifies the individual or system requesting access. This involves verifying the identity of the user or device to ensure they are authorized to access the resource.
What: Specifies the resource or data being accessed. Understanding what is being accessed helps in determining the sensitivity of the information and the level of protection required.
When: Defines the time frame during which access is permitted. Limiting access to specific times can reduce the risk of unauthorized access during off-hours.
Where: Determines the location from which access is requested. Geographical restrictions can be applied to prevent access from high-risk or unauthorized locations.
Why: Clarifies the purpose of the access request. Understanding the reason behind the request ensures that access is granted only when necessary and aligns with organizational policies.
How: Describes the method or process by which access is granted. This includes the authentication and authorization mechanisms in place, such as multi-factor authentication or device compliance checks.
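The six questions turned into a default-deny access check, as an added example that is not from the episode. The rule fields, group names, networks, purposes and control labels are constructed assumptions; a request is allowed only when every question passes on a single rule, and a denial reports which questions failed.

```python
from collections import namedtuple
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:            # one allow rule; the fields are the six questions
    who: frozenset     # groups allowed to ask
    what: str          # protected resource
    when: tuple        # (start, end) time of day
    where: tuple       # allowed source networks (CIDR)
    why: frozenset     # accepted purposes
    how: frozenset     # controls the session must already have passed

Request = namedtuple("Request", "groups resource at source_ip purpose controls")

def in_window(window, t):
    start, end = window  # a window such as 22:00-06:00 wraps past midnight
    return start <= t < end if start <= end else (t >= start or t < end)

def evaluate(rules, req):
    """Default deny: return (allowed, questions failed on the closest rule)."""
    best, src = None, ip_address(req.source_ip)
    for r in (r for r in rules if r.what == req.resource):
        checks = {
            "who": bool(r.who & req.groups),
            "when": in_window(r.when, req.at.time()),
            "where": any(src in ip_network(n) for n in r.where),
            "why": req.purpose in r.why,
            "how": r.how <= req.controls,
        }
        failed = [q for q, ok in checks.items() if not ok]
        if not failed:
            return True, []
        if best is None or len(failed) < len(best):
            best = failed
    return False, best or ["what"]  # no rule names this resource

# Constructed sample policy and requests (not from the episode).
RULES = [Rule(frozenset({"finance"}), "payroll-db", (time(8), time(18)),
              ("10.20.0.0/16",), frozenset({"payroll-run"}),
              frozenset({"mfa", "managed-device"}))]
OK = Request(frozenset({"finance"}), "payroll-db", datetime(2024, 3, 4, 10, 30),
             "10.20.5.9", "payroll-run", frozenset({"mfa", "managed-device"}))
LATE = OK._replace(at=datetime(2024, 3, 4, 23, 15), source_ip="203.0.113.7",
                   controls=frozenset({"managed-device"}))

if __name__ == "__main__":
    print(evaluate(RULES, OK), evaluate(RULES, LATE))
```

Logging the list of failed questions alongside each denial gives reviewers the reason for the decision, not just the outcome.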
Business context
The 4 R's of zero trust:
Revenue
Resilience (key factor)
Regulatory
Reputation
Benefits
Security
Simplicity
Reduce authentication