There has been some good discussion on contents for the paper on Mapping Transactions flow which will accompany the paper Defining the Zero Trust Protect Surface | CSA
Below is the paper outline:
- Introduction ( ZT, Protect surface and get in to step 2 which is mapping transactions)
- Overview
- Maturity aligned to CISA ( Traditional, Initial, Advanced and optimal)
- Discuss options to map transactions
i. Manual ( no tools)
ii. Use existing tools ( combination of Network log, Request log, event log)
iii. Fully automated solution
- Options to identity transactions for IOT/OT devices ( Need to work with JJ)
- Refine the protect surface based on the assets discovered
- Discuss about Unused or legacy systems
- Discuss placing security controls and defining architecture based on transaction flow
Targeted Timeline
|
Start Date
|
End Date
|
Deliverable
|
|
10/01/2023
|
11/30/2023
|
Plan and Writing
|
|
12/01/2023
|
12/07/2023
|
Internal Review
|
|
12/08/2023
|
12/30//2023
|
Leadership review
|
|
1/2/2024
|
1/19/2024
|
Public review
|
|
01/22/2024
|
2/2/2024
|
Marketing/Publish - Doc & Deck
|
|
01/22/2024
|
2/2/2024
|
Panel discussion recording
|
Appreciate the interest and contribution to the paper.
Deliverable: Mapping Transaction Flows for Zero Trust.docx
------------------------------
Vinoth Ramalingam
------------------------------