CHAPTER 4 KC Enterprises: Lessons Learned in ZT and CTPR

Part I of this book provides details on zero trust (ZT) and third-party risk (TPR), but it can be challenging to translate this information into practice and production in your organization. Part II of this book is a guide to how a company or organization can make the changes necessary to complete a ZT journey in TPR. This part discusses some techniques and tools, but the majority of the work centers on process and program changes to make ZT work for TPR. As mentioned before, ZT is not a technology or tool. Instead, it is a set of principles and goals that leverage technology and tools to reduce the area of exposure when a breach occurs. The following examples are recommendations and ideas for how to translate what has been learned in the first part of the book into practice at your organization.

In my first book, Cybersecurity and Third-Party Risk: Third Party Threat Hunting (Wiley, 2021), I created a fictitious company to provide some hands-on examples of how to implement the process and practice. For this current book, some basic information about this fictional company is provided in the following sections.

Kristina Conglomerate Enterprises

Kristina Conglomerate (KC) Enterprises is a medium-size U.S.-based company with some offshore resources in the European Union, India, and the Philippines. It sells widgets all over the United States and requires its vendors to ship products and manage ...
