From day 1, we have been implementors of John Kindervag’s Zero Trust Security Model. It is a holistic, multilayered approach to data security and a true path to follow. As assessors, we see several large problems that you would never see in a professional style defense. At many enterprises and OEMs, when it comes to defensive operations, there are issues in their leadership and holistic strategy. Let’s give you an example. The enterprise has invested in the best storage server and backup strategy and has a very robust firewall. They have MFA and VPNs. But when they are assessed against the Insider Threat, protection of all endpoint devices, cybersecurity training and threat reports from users, quality management, verification systems at all levels, and active monitoring, their house of cards tumbles. That is why the enterprise and OEMs are making day to day announcements of the failures that they are aware of. In auditing, the most talented assessors are always in search of the root cause. In today’s test, as a leader, pick one of your platforms. Then with your team, have them describe all the ways that the platform can be exploited, which is part of the ZTSM process. Individuals might get 50%, teams can get 85%, the NIST standard will get 100%. The root cause is operating daily and not having a complete understanding of cybersecurity defense outside one’s SME specialty. When we work with Architects, many have never reviewed, read, or learned the NIST standard, so when their system is assessed to a robust CSF standard, it typically fails. So how to fix the problem. The US is heading to the NIST CSF and ZTA model. Every federal agency and 75% of all States have adopted the model. What needs to change is for the enterprise and OEMs to adopt the model. When this occurs, we will stop failing, because the many non-compliant businesses that presently have no CSF will now be compliant.
Are you looking for a professional assessment of your cybersecurity system? ISO 31000 certified TechR2 is a leader that will help you discover your data security vulnerabilities and help you build a stronger technology culture in your organization.