Zero trust: a progressive and comprehensive approach to CII protection

Registration

Start Date: 22 Jul 2024

End Date: 06 Oct 2024

Event dates

Start Date: 14 Oct 2024

End Date: 24 Oct 2024

Location

World or Multi-Regional

Training topics

Cybersecurity

Training type

Online instructor led

Languages

English

Event organizer

NRD Cyber Security

Event mail contact

ituacademy@itu.int

Tutors

Nerijus Šarnas

Coordinators

Rūta Jašinskiene
Ghazi Mabrouk

Price

$0.00

Course level

Introductory

Description

The Zero Trust Architecture (ZTA) approach is rapidly emerging as a pivotal trend in cybersecurity, particularly for the protection of Critical Information Infrastructure (CII). Unlike traditional security models relying on perimeter defense, ZTA operates on the principle of "never trust, always verify," ensuring that every access request is continuously authenticated and authorized.

This training course will cover the principles and benefits of ZTA through a series of instructor-led sessions. Examples of controls to implement, monitor and improve cybersecurity based on ZT principles will also be analyzed.

By understanding the principles of ZT, policymakers and CII regulators can proactively contribute to robust national cybersecurity by developing comprehensive control measures for all components of CII IT infrastructure, considering the latest cybersecurity achievements at the national level.

With the generous support of the Global Gateway Initiative of the European Union, this course is offered for free for selected participants.

Target population

This training course is intended for policy makers, CII regulators responsible for cybersecurity strategy, cybersecurity controls and requirements development. The training is also open to CII operators/owners, including CISO, and IT middle managers.

The training course is open to applications from all interested professionals, irrespective of their race, ethnicity, age, gender, religion, economic status and other diverse backgrounds. We strongly encourage registrations from female applicants, and applicants from developing countries (includes least developed countries, small island developing states, and landlocked developing countries).

Entry requirements

Members of the above-mentioned target population are invited to apply for the training if they meet the following criteria:

Have basic knowledge of cybersecurity.
Hold an undergraduate degree in a relevant field or have a minimum of three years of cybersecurity-related experience.
Possess a fluent level of English.
Complete the application questionnaire and attach an up-to-date CV.
Government officials and policymakers from developing countries, particularly women, are encouraged to apply.
Selection will be conducted by the course organizers, who will consider the above entry requirements along with an analysis of the application questionnaires and the CVs of all applicants.

Learning outcomes

Upon completion of this course, participants will be able to:

Explain ZT principles and its enabling infrastructure and ecosystem for government agencies.
Examine the reasons and benefits of implementing the Zero Trust Architecture.
Analyze examples of control measures to implement, monitor, and improve cybersecurity based on ZT principles.
Conduct simple assessments based on the ZT Maturity Model.

Methodology

The course consists of 8 modules and is divided into 4 online sessions, one session per week. Each online session lasts 3 hours and 30 minutes with a 15-minute break. All necessary course materials and additional resources (if any) will be provided through the ITU Academy platform.

To ensure maximum engagement and retention, the 4MAT teaching methodology will be utilized in all sessions. This involves interactive discussions on a topic, practical exercises, discussions to identify learning points, and individual note-taking to reflect on relevant habits that can be changed moving forward. At the end of each day, a review will be conducted to reinforce the key takeaways.

Below are the dates and times of the live sessions:

14 October 2024 (14:00 -18:00 CEST)
17 October 2024 (14:00 -18:00 CEST)
21 October 2024 (14:00 -18:00 CEST)
24 October 2024 (14:00 -18:00 CEST)

Evaluation and grading

Participants will be graded based on their final exam score (max. 60% of the total) and their active participation in the online lectures (max. 40% for lecture attendance, 10% per lecture). A total score of 70% or higher is required to obtain the ITU certificate.

Training course contents

Module 1: Introduction to Zero Trust

Topics covered:
- Introduction to Zero Trust
Key learning points:
- Explain the fundamental concepts of zero trust
- Explore the shift from traditional perimeter-based security to ZT
- List key principles of ZT (deep dive): never trust, always verify

Module 2: Benefits of Zero Trust

Topics covered:
- Benefits of Zero Trust
Key learning points:
- Define Zero Trust Architecture
- Present improved visibility and control over network traffic framework
- Explore mitigation of lateral movement models and compare insider threats vs. outsider threats
- Discuss the benefits of Zero Trust

Module 3: Pillars of Zero Trust and Maturity Model Overview

Topics covered:
- Pillars of Zero Trust
- Maturity Model Overview
Key learning points:
- Present main infrastructure pillars: Identity, Device, Network, Apply Workloads, Data (micro-segmentation, identity and access management (IAM), encryption)
- Explore cross-cutting capabilities: continuous monitoring, analytics, automation
- Review Zero Trust maturity model

Module 4: Public Sector Challenges in Cybersecurity

Topics covered:
- Public Sector Challenges in Cybersecurity
Key learning points:
- Present an overview of public sector cybersecurity challenges and trends
- Demonstrate ZTA framework’s suitability for CII protection
- Examine ZT policies: regulation and management models

Module 5: Technology Implementation for Zero Trust Adoption

Topics covered:
- Technology Implementation for Zero Trust Adoption
Key learning points:
- Review key technologies supporting ZTA implementation
- Explore case studies and best practices for deploying ZTA solutions
- Discuss integration considerations with existing security infrastructure
- Analyze regulation implementation models

Module 6: ZT Pillars Mapping with Actions to be Undertaken and Controls to be Implemented

Topics covered:
- ZT Pillars Mapping with Actions and Controls
Key learning points:
- Evaluate ZT pillars and map implementation applications
  - Identity pillar: centralized management, leased privileges, role-based access, strong authentication
  - Device pillar: strong inventory, regular patching and vulnerability scanning, endpoint protection deployment
  - Network pillar: traffic encryption, API security, network segmentation
  - Applications and workloads pillar: applications identification and inventory, interfaces security, and security testing program
  - Data pillar: regular backups, data classification, availability and security policies, activity logging

Module 7: Demystifying the Implementation of ZTA

Topics covered:
- Demystifying the Implementation of ZTA
Key learning points:
- Clarify uncertainties regarding ZTA implementation
- Investigate compliance aspects by asking the right questions
- Address common misconceptions and resistance to ZTA adoption

Module 8: Overcoming Challenges and Objections for ZTA Implementation

Topics covered:
- Overcoming Challenges and Objections for ZTA Implementation
Key learning points:
- Review strategies for overcoming organizational inertia and cultural barriers
- Identify scenarios with unfeasible ZTA applications

Bonus Topic

Examples of technical requirements and specifications aligned with the ZT concept for public procurement.

Registration information

Document on registration information (English)