A 12 hours of training on Zero Trust security Framework
What is Zero Trust?
Zero Trust is a security framework that mandates the authentication, authorization, and continuous validation of all users—whether inside or outside the organization’s network—before granting or maintaining access to applications and data..
▪ In Zero Trust training, trust is not automatically granted based on a user's location or the network they're accessing. Instead, access to resources is granted based on strict verification of identity, device security posture, and other contextual factors.
Key components of Zero Trust Architecture include:
• Identity verification, device security posture assessment, least privilege access, micro-
segmentation, and continuous monitoring.
Why is Zero Trust model Needed?
The modern workforce is becoming increasingly mobile, accessing applications and cloud services from multiple devices outside of the business perimeter. In the past, many enterprises adopted a “verify, then trust” model — which meant if someone had the correct user credentials, they were admitted to whichever site, app, or device they were requesting. This resulted in an increased risk of exposure, dissolving what was once the trusted enterprise zone of control and leaving many organizations exposed to data breaches, malware, and ransomware attacks. Protection is now needed within specific digital infrastructures where applications and data, and users and devices, are located.
Who can attend
▪ IT and Network Security Professionals
▪ System Administrators
▪ Security Architects
▪ Compliance and Risk Management Professionals
▪ IT Managers and Executives
▪ Consultants and Service Providers
Objectives:
▪ Minimize Trust Assumptions: ZTA verifies every user, device, and application accessing network resources, reducing reliance on assumed trust based on location or identity.
▪ Strengthen Access Control: Implement granular access controls, granting users and devices only the necessary access based on the principle of least privilege.
▪ Enhance Security Posture: Improve overall security by reducing the attack surface and proactively preventing, detecting, and responding to threats.
▪ Enable Secure Remote Access: Facilitate secure access to organizational resources for remote workers and cloud-based services without compromising security.
Day 1
• Introduction: Welcome, introductions, and training agenda overview
• Overview of Zero Trust: Definition, principles, history, evolution, importance in modern cybersecurity
• Core Component of Zero Trust: Identity verification, device security, network segmentation, least privilege access
• Zero Trust Architecture: Zero Trust Network Access (ZTNA), Software-Defined Perimeter (SDP), comparison with traditional network securit
• Case Study and Real-World Examples: Successful Zero Trust implementation, lesson learned
Day 2
• Planning & Strategies: Assessing current security posture, setting goals, and objectives, building a roadmap
• Identify and Access Management (IAM): Multi Factor Authentication (MFA), Single Sign-On (SSO), Role Based Access Matrix (RBAC), identity governance
• Network Security: Microsegmentation, network traffic analysis and monitoring, SASE Device & Endpoint Security: Endpoint Detection and Response (EDR), Mobile Device Management
(MDM), secure configurations and patch management
Day 3
• Data Security and Privacy : Data Classification, encryption, Data Leakage Prevention (DLP), privacy regulation, and compliance
• Threat Detection and Response: Behavioural analytics, incident response planning, SIEM
• Automation and Orchestration: Security Automation tools and techniques, orchestration platform
• Future Trends and Challenges: Emerging technologies, maintaining a Zero Trust environment
• Demo Exercise: Demo Exercise
Trainer Profile: Sudhanshu Patel, Subject Matter Expert –Compliance & Audit
Network Intelligence
With five years of dedicated service at Network Intelligence, Sudhanshu Patel has established
great expertise in various cybersecurity domains. Proficient in identifying, mitigating, and managing cyber threats, He excels in information security, data security, network security, and data privacy. He has successfully implemented critical security standards and regulations such
as PCI DSS, ISO 27001, GDPR, and HIPAA for multiple customers. He has a great understanding of IAM, Cloud Security, Information Security, PCI DSS, and ISO 27001.