Thursday, May 29, 2025

Zero Trust Architecture (week 2)

     I decided to write about Zero Trust Architecture (ZTA) as it represents a fundamental shift from traditional perimeter-based defenses to a security model premised on "never trust, always verify." Introduced by Forrester analyst John Kindervag in 2010, ZTA demands that every access request, whether it originates inside or outside the network, be authenticated, authorized, and continuously validated before granting least-privilege access to resources. At its core, ZTA relies on three technical pillars: robust identity authentication to confirm the legitimacy of users and devices, fine-grained access control to limit permissions strictly to what's necessary, and dynamic trust assessment to adapt policies in real time based on contextual signals.
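A minimal policy decision function showing how the three pillars above combine on every request. This is an added example, not code from the original post or the referenced paper; the roles, resources, signal weights and thresholds are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample policy: role -> resource -> allowed actions (least privilege).
POLICY = {
    "analyst": {"siem-logs": {"read"}},
    "dba": {"billing-db": {"read", "write"}},
}
# Constructed minimum trust score per resource (higher = more sensitive).
MIN_TRUST = {"siem-logs": 50, "billing-db": 80}


@dataclass
class Request:
    role: str
    resource: str
    action: str
    mfa_passed: bool = True        # pillar 1: user identity verified
    device_compliant: bool = True  # pillar 1: device posture verified
    new_location: bool = False     # contextual signal
    off_hours: bool = False        # contextual signal


def trust_score(req: Request) -> int:
    """Pillar 3: recompute trust from current context on every request."""
    score = 100
    if req.new_location:
        score -= 30  # assumed weight
    if req.off_hours:
        score -= 15  # assumed weight
    return score


def decide(req: Request) -> tuple[bool, str]:
    """Return (allowed, reason). Network location is never an input."""
    # Pillar 1: both the user and the device must be authenticated.
    if not (req.mfa_passed and req.device_compliant):
        return False, "identity"
    # Pillar 2: default deny; only explicitly granted actions pass.
    if req.action not in POLICY.get(req.role, {}).get(req.resource, set()):
        return False, "least-privilege"
    # Pillar 3: sensitive resources demand a higher current trust score.
    if trust_score(req) < MIN_TRUST.get(req.resource, 101):
        return False, "trust"
    return True, "ok"


if __name__ == "__main__":
    print(decide(Request("dba", "billing-db", "write")))
    print(decide(Request("dba", "billing-db", "write", new_location=True)))
```

The same valid credentials are allowed in the first call and denied in the second because the context changed, which is the "continuously validated" part of the model.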

    Despite its promise, the adoption of ZTA faces several challenges. Many organizations remain unaware of ZTA's benefits and struggle to retrofit legacy systems designed for static perimeters. Encryption and proprietary protocols can obscure critical telemetry, complicating trust evaluations, while the cost and complexity of implementing continuous, machine-driven policy updates can deter resource-constrained teams. Looking ahead, future trends include tighter integration with AI-powered analytics for adaptive trust scoring, standardization around frameworks such as NIST's ZTA guidelines, and expanded support for emerging environments like IoT and edge computing. These efforts will be crucial for scaling Zero Trust from pilot projects to enterprise-wide deployments.

Implementing ZTA in the real world also reveals valuable lessons about the challenges and paths forward. Organizations often struggle to retrofit legacy systems into a zero trust framework, hindered by limited visibility into encrypted traffic, incomplete understanding of ZTA's benefits, and the upfront cost of continuous monitoring and policy orchestration.

Here is the resource document I read:

https://onlinelibrary.wiley.com/doi/full/10.1155/2022/6476274

Cybersecurity Ethics

     Cybersecurity ethics has become increasingly critical as the digital landscape evolves and cyber threats grow. Ethics in this field serves as a foundational guidepost, defining right and wrong actions to protect individuals and organizations from harm. Consider phishing, one of the oldest cybercrimes, dating back to the 1990s, which the document I read said caused over $4 billion in losses in 2020, underscoring the high stakes at play. Ethical principles distinguish cybersecurity professionals from malicious actors: while hackers exploit vulnerabilities to steal or corrupt data, ethical practitioners use the same skills to fortify defenses and safeguard sensitive information.

    Navigating the ethical landscape requires balancing powerful tools with strong moral responsibility. White hat hacking, for example, involves using privileged access to probe systems for vulnerabilities, but only with explicit authorization and strict adherence to agreed-upon rules of engagement. Professionals must also guard privacy, preventing unauthorized access that can lead to identity theft or reputational damage, and protect property, safeguarding both digital assets and critical infrastructure from disruptive attacks. Decisions about resource allocation, such as whether to deploy a time-consuming, costly patch, demand a clear ethical framework to prioritize actions that serve the greater good of stakeholders. Prompt transparency and disclosure of vulnerabilities, ideally within 72 hours of discovery, help coordinate a collective response and empower affected parties to mitigate their own risks. Cultivating a robust ethical culture, through well-defined codes of conduct, continuous education, and leadership commitments, ensures cybersecurity professionals can uphold integrity and public trust as they confront problems and challenges that are constantly growing and changing.

Here is the resource I used:

https://www.augusta.edu/online/blog/cybersecurity-ethics

Why Regular Security Audits Are Crucial For Business

 In today's constantly evolving cyber threat landscape, it's no longer enough for organizations to install firewalls and antivirus softwar...