Zero Trust Playbook

Learn more

Zero Trust Overview and Playbook Introduction

Guidance for business, security, and technology
leaders and practitioners

This first book in the series helps you understand what Zero Trust is, why it’s important for you, and what success looks like. You’ll learn about the driving forces behind Zero Trust – security threats, digital and cloud transformations, business disruptions, business resilience, agility, and adaptability. The six-stage playbook process and real-world examples will guide you through cultural, technical, and other critical elements for success.

Chapter 1: Zero Trust – This Is the Way

This chapter kicks off the book by defining Zero Trust, why it is important to different roles (in different ways), why the term can be confusing for some people, and what a Zero Trust transformation looks like.

Chapter 2: Reading the Zero Trust Playbook Series

This chapter describes the overall playbook series structure and reading strategies for each role to get the most out of the playbooks.

Chapter 3:  Zero Trust Is Security for Today’s World

This chapter provides a deeper dive into Zero Trust and how it enables organizations to defend against attacks and manage continuously changing risk in today’s high-speed, high-complexity world.

This describes the implications and imperatives of Zero Trust as well as dispelling confusion by answering questions that are frequently asked (or should be asked) about cybersecurity and Zero Trust including:

  • Aren’t attackers just kids in their basements playing on computers?
  • Shouldn’t security have solved this simple technical problem by now?
  • Who are the attackers?
  • Can’t we just arrest these criminals and put them in jail?
  • Is this just a matter of spending more money?
  • If I have a Zero Trust strategy and funding, can I make this go away quickly?
  • Can we ever be completely safe?
  • What should I do about it? Is this cyberwar?
  • What are the most damaging attacks?
  • What does success look like for security and Zero Trust?
  • Why is Zero Trust so confusing?
  • How do I know if something is Zero Trust?

Chapter 4: Standard Zero Trust Capabilities

This chapter defines Zero Trust using standard business capabilities from The Open Group’s Zero Trust Reference Model. This chapter describes the asset-centric and data-centric approach to security that sustains your security assurances in the face of continuous business, technology, and threat environment changes.

Chapter 5: Artificial Intelligence (AI) and Zero Trust

This chapter provides a summary of AI and its impacts, limitations, and relationship with Zero Trust. This chapter describes what AI is (and isn’t), the impact of AI, its limitation, and how to manage AI security risk using Zero Trust.

Chapter 6: How to Scope, Size, and Start Zero Trust

This chapter describe how to take an agile approach to security (think big, start small, move fast), how to scope and prioritize quick wins and incremental progress, and some key terminology changes.

Chapter 7: What Zero Trust Success Looks Like

This chapter describes how to avoid typical failures that plague most technology projects by focusing on the key success factors for Zero Trust.

Chapter 8: Adoption with the Three-Pillar Model

This chapter describes the three-pillar model used as the foundation of the playbooks that helps you orchestrate Zero Trust and integrate it with your whole organization. This includes a case study of Acme Bank to illustrate using the 3 pillar model to plan their Zero Trust adoption. 

Chapter 9: The Zero Trust Six-Stage Plan

This chapter describes the six-stage plan that enables you to plan, sustain, and continuously improve Zero Trust. This plan is the core structure used throughout all the playbooks and each stage of the plan includes steps and which roles are involved.

Chapter 10: Zero Trust Playbook Roles

This chapter looks at the Zero Trust journey from a role-based perspective and what guidance will be covered by each role throughout the playbook series.

The role-by-role guidance structure includes:

  • Role mission and purpose
  • Role creation and evolution
  • Key role relationships
  • Required role knowledge, skills, and abilities
  • Role tooling and capabilities
  • Zero Trust impact and imperatives for each role
  • Playbook stage involvement for the role
  • A day in the life with Zero Trust
  • Defining and measuring success for the role