ABSTRACT
Zero trust (ZT) is a conceptual and architectural model for cybersecurity teams to design networks into secure micro-perimeters and strengthen data security by systematically integrating state-of-the-art technology, risk management, and threat intelligence. ZT has recently gained momentum in the industry to defend against lateral movement of malicious actors in today’s borderless networks. The United States 2021 President Executive Order requires the federal government must adopt security best practice and advance toward a zero trust architecture (ZTA). However, it is not a trivial task to implement a ZTA due to its novelty and complexity. We need to understand what ZTA is to take the advantage of it. Therefore, there is a need to introduce the fundamental concepts, principles, and architectures of ZT in cybersecurity courses at a college to better prepare our new cybersecurity professionals for their careers.
We have introduced ZT in a cybersecurity course for senior undergraduates and another course for graduate students. This article provides an overview of the materials we have used to introduce ZT in both courses, including the problems in a traditional perimeter-based security model and how these problems can be either resolved or mitigated with a ZT security model. We expect our work will serve as a good reference for educators to introduce ZT security model in a cybersecurity course.
- Lampis Alevizos, Vinh Thong Ta, and Max Hashem Eiza. 2022. Augmenting zero trust architecture to endpoints using blockchain: A state-of-the-art review. SECURITY AND PRIVACY 5, 1 (2022), e191. https://doi.org/10.1002/spy2.191 arXiv:https://onlinelibrary.wiley.com/doi/pdf/10.1002/spy2.191e191 SPY-2021-0038.R2.Google ScholarCross Ref
- Christoph Buck, Christian Olenberger, André Schweizer, Fabiane Völter, and Torsten Eymann. 2021. Never trust, always verify: A multivocal literature review on current knowledge and research gaps of zero-trust. Computers & Security 110 (2021), 102436: 1–26. https://doi.org/10.1016/j.cose.2021.102436Google ScholarDigital Library
- Casimer DeCusatis, Piradon Liengtiraphan, Anthony Sager, and Mark Pinelli. 2016. Implementing Zero Trust Cloud Networks with Transport Access Control and First Packet Authentication. In 2016 IEEE International Conference on Smart Cloud (SmartCloud). IEEE, New York city, NY, USA, 5–10. https://doi.org/10.1109/SmartCloud.2016.22Google Scholar
- Bryan Embrey. 2020. The top three factors driving zero trust adoption. Computer Fraud & Security 2020, 9 (2020), 13–15.Google ScholarCross Ref
- David Holmes and Jess Burn. 2022. The Definition Of Modern Zero Trust. Forrester Research, Online. Available online at: https://www.forrester.com/blogs/the-definition-of-modern-zero-trust/#:~:text=Zero%20Trust%20Defined,users%20and%20their%20associated%20devices.. Retrieved on May 26, 2022.Google Scholar
- Scott Rose, Oliver Borchert, Stu Mitchell, and Sean Connelly. 2020. Zero Trust Architecture. NIST SP 800-207. Available online at: https://csrc.nist.gov/publications/detail/sp/800-207/final. Retrieved on May 12, 2022.Google Scholar
- Malcolm Shore, Sherali Zeadally, and Astha Keshariya. 2021. Zero Trust: The What, How, Why, and When. Computer 54, 11 (2021), 26–35. https://doi.org/10.1109/MC.2021.3090018Google ScholarDigital Library
- David Swift. 2010. Successful SIEM and Log Management Strategies for Audit and Compliance. SANS White paper. Available online at: https://www.sans.org/white-papers/33528/, last retrieved on June 23, 2022..Google Scholar
- Naeem Firdous Syed, Syed W. Shah, Arash Shaghaghi, Adnan Anwar, Zubair Baig, and Robin Doss. 2022. Zero Trust Architecture (ZTA): A Comprehensive Survey. IEEE Access X.2021(2022), 1–36. https://doi.org/10.1109/ACCESS.2022.3174679Google Scholar
Index Terms
- Introducing Zero Trust in a Cybersecurity Course
Recommendations
What Should Cybersecurity Students Learn in School?: Results from Interviews with Cyber Professionals (Abstract Only)
SIGCSE '17: Proceedings of the 2017 ACM SIGCSE Technical Symposium on Computer Science EducationThere is a job gap in cybersecurity with many more security jobs than qualified candidates. The cybersecurity workforce shortage could be mitigated by developing better curricula that prioritize the Knowledge, Skills, and Abilities (KSAs) most important ...
Game based Cybersecurity Training for High School Students
SIGCSE '18: Proceedings of the 49th ACM Technical Symposium on Computer Science EducationCybersecurity is critical to the national infrastructure, federal and local government, military, industry, and personal privacy. To defend the U.S. against the cyber threats, a significant demand for skilled cybersecurity workforce is predicted in ...
The role of national cybersecurity strategies on the improvement of cybersecurity education
AbstractDigital information and telecommunication technologies have not only become essential to individuals’ daily lives but also to a nation’s sustained economic growth, societal well-being, critical infrastructure resilience, and national ...
Comments