Auditors Can Assess and Advance Their Zero Trust Model with New ISACA Audit Program

Information Security
Author: ISACA
Published: 12 December 2023

SCHAUMBURG, Illinois, USA - For organizations that adopt a Zero Trust approach for their cybersecurity program—adhering to the principles of “never trust, always verify”—it is important to periodically review, test and adjust their model to ensure that all users have the least amount of access needed to perform their jobs, in order to better protect assets and systems. A new audit program from ISACA supports IT auditors in assessing these controls and processes to ensure their Zero Trust models are effective.

A subpar Zero Trust program can lead to major impacts, such as unplanned costs associated with incident response, significant impact resulting from regulatory censure, failure to meet performance targets, system downtime, loss of business-critical data and/or systems, and reputational damage.

ISACA's Zero Trust Audit Program guides auditors in examining the core focus areas that can reduce the impact of a cyberincident. The program can be used to assess an organization’s ability to secure itself based on Zero Trust policies and procedures, as well as to evaluate related controls and their effectiveness in reducing the likelihood of a cybersecurity incident. The program also hones in on shortcomings pertaining to personnel, processes, technology and governance, as well as various types of operational risk that could have a reputational impact.

“Organizations are not static, and so their Zero Trust model for their cybersecurity programs should not be either,” says David Samba, regional senior IT auditor at World Vision, member of the ISACA Emerging Trends Working Group and a developer of the paper. “When an organization's roles, responsibilities, vendors or infrastructure change, or updates are made to policies, data classification or incident response processes, they also need to adjust their Zero Trust model accordingly to address these and reduce risk.”

The audit program—which includes an Excel file with testing steps—also outlines the specific processes that auditors should consider when assessing the maturity level of a Zero Trust program, including:

  • Continuous authentication validation and risk analysis processes
  • Microperimeter implementations built around and between all critical applications, systems and data stores
  • Just-in-time (JIT) and proportionate access controls
  • Advanced attack protections integrated into application workflows

“Only through a concerted effort involving rigorous testing of controls and monitoring of a range of processes can organizations really have a clear picture of where they stand with their Zero Trust program and how they can continue to strengthen it,” says Paul Phillips, ISACA director, event content development. “ISACA is committed to providing auditors with the support and resources they need to continue refining and advancing their Zero Trust approach to ultimately reduce their risk of and impact from cyberincidents.”

The Zero Trust Audit Program is US$25 for ISACA members and US$49 for non-members and can be accessed at http://store.lrwproperties.com/s/store#/store/browse/detail/a2S4w000007kBArEAM.

Additional audit programs and resources can be found at: boost.lrwproperties.com/resources/insights-and-expertise/audit-programs-and-tools.

About ISACA

ISACA® (boost.lrwproperties.com) is a global community advancing individuals and organizations in their pursuit of digital trust. For more than 50 years, ISACA has equipped individuals and enterprises with the knowledge, credentials, education, training and community to progress their careers, transform their organizations, and build a more trusted and ethical digital world. ISACA is a global professional association and learning organization that leverages the expertise of its more than 170,000 members who work in digital trust fields such as information security, governance, assurance, risk, privacy and quality. It has a presence in 188 countries, including 225 chapters worldwide. Through its foundation One In Tech, ISACA supports IT education and career pathways for underresourced and underrepresented populations.

Twitter: www.twitter.com/ISACANews
LinkedIn: www.linkedin.com/company/isaca
Facebook: www.facebook.com/ISACAGlobal
Instagram: www.instagram.com/isacanews

Contact

Bridget Drufke, +1.847.660.5554
Emily Ayala, +1.847.385.7223
