
Team 1 - Principles of Information Security

The Zero Trust Security Model is a cybersecurity approach that requires verification of all identities before granting access, treating every access attempt as a potential threat. Key components include implementing least privilege access controls, continuous monitoring, network segmentation, and multi-factor authentication to enhance security. This model aims to protect critical infrastructure and reduce risks associated with data breaches, especially in remote work environments.

Uploaded by

22071155

ZERO TRUST SECURITY MODEL
Team 1

OUR GROUP
Bui Thu Phuong - 22070013
Dao Mai Trang - 22071155
Pham Hieu Ngan - 22070030

I. WHAT IS ZERO TRUST?
Zero Trust is a cybersecurity approach where no one is trusted, inside or outside the network, until their identity is verified. It assumes all access attempts are threats, guiding administrators to implement strict security measures.
II. RESEARCH FOCUS
1. Impact analysis
4 REASONS TO USE THE ZERO TRUST MODEL TO IMPROVE SECURITY:
• First: Fight against internal and external threats
• Second: Zero Trust reduces the risk of data exfiltration
• Third: Securing a remote workforce
• Fourth: A good investment to prevent data loss
2. Implementing a Zero Trust model in protecting critical infrastructure and enterprise networks.
THREE CORE AREAS THAT A BUSINESS SHOULD DEVELOP BEFORE IMPLEMENTING A ZERO TRUST SECURITY MODEL:
• Visibility: Clearly identify all devices and resources to be monitored and protected. Visibility into all user access points is essential.
• Policy: Establish detailed and strict access controls, allowing only specific users to access certain resources under defined conditions.
• Automation: Automate processes to ensure accurate policy application and quick adaptation to deviations. This is crucial for implementing a Zero Trust model.
III. IMPLEMENT LEAST PRIVILEGE ACCESS CONTROLS, CONTINUOUS VERIFICATION, NETWORK SEGMENTATION, AND USE MULTI-FACTOR
ACCESS CONTROLS:
• Least Privilege Access: Allow users and devices to access only necessary resources, reducing access points to sensitive data and saving time and resources by limiting MFA usage.
• Identify Users and Devices: Always know who and what is connecting to the business network, especially important with remote workforces.
• Provide Secure Access: Centrally manage access across all IT systems, limiting it to specific users, devices, and applications. Make real-time access decisions based on policies and context.
CONTINUOUS MONITORING:
• Use advanced, persistent security measures beyond traditional antivirus software. Monitor network security status and health using machine learning and behavior-based detection.
NETWORK SEGMENTATION IN ZERO TRUST:
• Divide the network into smaller segments with controlled access, limiting movement within the system. Verify all users and devices before granting access to any resources.
The benefits of network segmentation
• Lateral Movement Limitation
• Access Control
• Risk management and troubleshooting
For example: Businesses can divide the network into segments such as the financial area, the customer data area, and the internal area. Users in each segment can access only the data related to their work, thereby protecting other segments from unnecessary access risks.
MULTI-FACTOR AUTHENTICATION (MFA) IN ZERO TRUST
Multi-factor authentication is the requirement for users to provide multiple layers of verification before being granted access to resources. MFA ensures that even if a password is compromised, hackers cannot easily access the system without additional information such as an OTP code, employee code, authenticated device, or biometric verification.
- Commonly applied authentication factors include:
+ Something You Know: Password or PIN
+ Something You Have: OTP code from a phone or token device
FOR EXAMPLE
USB token digital signatures: this type of token is popular with businesses and individuals who need to conduct online transactions or sign documents or electronic contracts. USB tokens store the user's digital certificates; when signing documents or transactions, the user inserts the token into the computer and authenticates with a PIN code. These devices are often used in online banking transactions, enterprise document management systems, or online public service portals. These tokens help secure the system by requiring an additional layer of authentication in addition to the password, thereby preventing unauthorized access to important accounts and data.
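
The access-control, segmentation and MFA points above can be combined into one default-deny decision made on every request. The sketch below is an added example, not part of the original slides; the segment names follow the slide's example, while the roles, device IDs, factor labels and the choice of which segments require a second factor are assumptions.

```python
from dataclasses import dataclass

# Hypothetical least-privilege policy: role -> segments it may reach.
# Segment names follow the slide's example; the roles are assumptions.
SEGMENT_POLICY = {
    "accountant": {"financial", "internal"},
    "support_agent": {"customer_data", "internal"},
    "employee": {"internal"},
}
# Assumption: only these segments demand a second factor on each request.
MFA_REQUIRED = {"financial", "customer_data"}

@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    device_id: str
    factors: frozenset  # verified factor types: "know" (password/PIN), "have" (OTP/token)
    segment: str

def decide(req, known_devices):
    """Evaluate one request; anything not explicitly permitted is denied."""
    if "know" not in req.factors:
        return False, "identity not verified"
    if req.device_id not in known_devices:
        return False, "unknown device"
    if req.segment not in SEGMENT_POLICY.get(req.role, set()):
        return False, "segment not permitted for role"
    if req.segment in MFA_REQUIRED and "have" not in req.factors:
        return False, "second factor required"
    return True, "allowed"

# Constructed sample data, for illustration only.
KNOWN_DEVICES = {"laptop-017", "laptop-042"}
SAMPLE_REQUESTS = [
    AccessRequest("u1", "accountant", "laptop-017", frozenset({"know", "have"}), "financial"),
    AccessRequest("u1", "accountant", "laptop-017", frozenset({"know"}), "financial"),
    AccessRequest("u1", "accountant", "laptop-017", frozenset({"know", "have"}), "customer_data"),
    AccessRequest("u2", "employee", "byod-phone", frozenset({"know"}), "internal"),
    AccessRequest("u2", "employee", "laptop-042", frozenset({"know"}), "internal"),
]

def evaluate_samples():
    return [decide(r, KNOWN_DEVICES) for r in SAMPLE_REQUESTS]

if __name__ == "__main__":
    for req, (ok, why) in zip(SAMPLE_REQUESTS, evaluate_samples()):
        print(f"{req.user:3} {req.role:10} -> {req.segment:13} {'ALLOW' if ok else 'DENY'} ({why})")
```

The third request shows lateral movement being blocked: a fully authenticated accountant on a known device is still denied the customer data segment because the role has no need for it.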
How to Implement Zero Trust Security?
IDENTIFY THE PROTECTION SURFACE
- Outline the types of data or network components that you really need to protect. For many companies, this might include:
o Customer data
o Financial reports
o Employee information
o Proprietary collateral such as blueprints and patents
o Network equipment such as servers, switches, and routers
LIMIT ACCESS TO DATA
Identify the resources that each user needs to access to perform their tasks and ensure that they can only access those specific areas. Limiting the attack surface for phishing or malware intrusions in this way will minimize human error. And if a user has a single weak password that is used across multiple access points, a malicious actor could figure that password out and increase the impact of a breach. Hackers could gain access to areas of the network that are essential to the user’s job, as well as areas that are not.
GIVE YOUR TEAM VISIBILITY
o Reporting: User activity reports can be analyzed to identify attempts to break into your system.
o Analysis: Analyzing user activity over a period of time can reveal behavioral patterns. A break in the pattern can indicate an attempt to bypass security protocols.
o Monitoring: Real-time monitoring of your system can reveal hacker intrusion attempts as they happen.
o Logging: When system activity is recorded, you can analyze the data to look for anomalies that may indicate an attempted breach. You can also determine the hacker’s methodology by studying logs after a hack.
THANK YOU!
