Zero Trust Architecture (Paperback)
暫譯: 零信任架構 (平裝本)

今天的組織需要一種新的安全模型，能更有效地適應現代環境的複雜性和風險，擁抱混合工作場所，並保護人員、設備、應用程式和數據，無論它們位於何處。Zero Trust 是第一個有潛力做到這一切的模型。《Zero Trust Architecture: Theory, Implementation, Maintenance, and Growth》是首本針對架構師、工程師及其他技術專業人員的綜合指南，旨在幫助他們從 Zero Trust 理論轉向實施並成功運行。

一組思科的領先專家和實施者提供了最全面且實質的 Zero Trust 指南，為這個被炒作淹沒的領域帶來清晰的視野、實用的定義和現實世界的專業知識。作者解釋了為什麼基於身份的 Zero Trust 模型能夠實現更大的靈活性、更簡單的操作，以及在最小特權安全的實施和管理中提供直觀的上下文。然後，基於思科自己的模型，他們系統性地闡明了在通往任何基於身份的 Zero Trust 模型過程中所需的方法論、支持技術和整合。

通過現實世界的經驗和案例研究示例，您將學會提出哪些問題、如何開始規劃、當前存在的情況、哪些解決方案組件仍需出現和演變，以及如何在執行通往 Zero Trust 的旅程中驅動短期價值。

Cindy Green-Ortiz is a Cisco senior security architect, cybersecurity strategist, architect, and entrepreneur. She works in the Customer Experience, Global Enterprise Segment for Cisco. She holds the CISSP, CISM, CSSLP, CRISC, PMP, and CSM Certifications, along with two degrees--a BS-CIS Magna Cum Laude and AS-CIS with Honors. She has been with Cisco for 6+ years. Cindy has been in the cybersecurity field for 40 years, where she has held D-CIO, D-CISO, and Corporate Security Architecture Leadership roles, founding two technology businesses as CEO. Cindy is a Cisco Chairman's Club winner (Club Cisco). She is an active blogger for Cisco and has published whitepapers for Cisco and the US Department of Homeland Security. She has spoken to many groups, including PMI International Information Systems & Technology Symposium-Cybersecurity Keynote; Cisco SecCon, and Cisco Live. Cindy is President Emeritus and serves now as the treasurer of Charlotte InfraGard and cofounder of the InfraGard CyberCamp. Cindy lives in Charlotte, North Carolina, with her amazing husband, Erick, and their two wonderful daughters. Cindy and her family love to travel and see the world.

Brandon Fowler is a technical leader for Cisco Customer Experience Professional Services. He holds both CCNP Security and ITIL v4 foundation certifications. Brandon joined Cisco in 2018 with more than 12 years of experience across enterprise networking and security domains. For the past 8 years, his focus has been on identity, access management, and segmentation with expertise across multiple industry verticals, including retail and distribution, hospitality and entertainment, financial services, and healthcare. Additionally, he has helped to develop some of Cisco's current Zero Trust service offerings. Brandon also helps mentor and advise other employees within Cisco and enjoys being challenged and learning new technologies. In his personal time, he enjoys working on cars, photography, and video gaming.

David Houck is a security architect, mentor, and advocate. He has been working with Cisco Customer Experience since 2011. David leads delivery teams in implementing solutions globally to financial, energy, retail, healthcare, and manufacturing organizations that focus on identifying and meeting technical and business outcomes. He has presented on the value and implementation of Cisco solutions globally to customers, partners, and internal audiences. David has worked in networking and security since 2005, with experience in service provider voice, infrastructure, ISP operations, plus data center design and operation before coming to Cisco to focus on security solutions and architecture. He enjoys mentoring to provide experiences and opportunities to see others flourish.

Hank Hensel is a senior security architect working for Cisco's CX Security Services providing security consultation, assessment, and design advisory services to Cisco's US and international customers. Hank has worked more than 30 years (7 years at Cisco) in leadership positions in IT systems, cybersecurity, design, and integration. Hank's areas of expertise include security and infrastructure, project management, disaster recovery, business continuity, risk analysis and mitigation, data mapping, data classification, and cybersecurity infrastructure design. Hank has displayed his expertise and leadership in several different industries, including international banking and finance, healthcare, pharmaceutical, energy, renewable energy, oil and gas, passenger and transit rail, manufacturing, mining, wet infrastructure, chemical, nuclear enrichment, public sector

defense, municipality and state infrastructure, and law enforcement. Hank's expertise and extensive training in networking, security, and strong focus with industrial control systems allow him to engage in nearly all areas of a customer's operations, policies, and practices. Hank holds CCIE (# 3577), CISSP, GICSP, and CMMC-RP, and other certifications. Hank practices Cisco's core values in all customer engagements, which have directly contributed to his consistent project successes in every engagement he has been involved in. Hank's success can be attributed to these values and their consistent culmination by being recognized as a "Trusted Advisor" in nearly every engagement he has been a part of for Cisco. Hank's role of trust and deep experience extend beyond customer relationships to new service offerings development and Cisco team support. Hank was the original developer of the current CX advisory segmentation service offering that has been in use for the last seven years and has contributed to the development of the new CX advisory Zero Trust service offering. Finally, Hank is currently contributing to building a consulting service offering for the renewables energy sector.

Patrick Lloyd is a senior solutions architect for Cisco's Customer Experience Security Services team. He focuses on identity and access management, including segmentation, network access control, identity

exchange, and identity integration in the Northeast United States and Canada region. Patrick has worked in technology delivery at Cisco for 13 years, ranging from stints in the technical assistance center (TAC), working as a routing and switching design engineer, security design engineer, and solutions architect. His focus is guiding customers through introducing visibility and identity exchange to minimize business risk and lateral attack vectors. Previously, Patrick worked in higher education and defense industries in system administration and operational roles. Patrick has extensive experience in integrating identity into various industries, including healthcare, manufacturing, finance, and defense. Utilizing Cisco technologies and the methodologies covered in this book to build a layered security model, Patrick has architected segmentation architectures, including smart building architectures, for more than 100 customers. Patrick's technology focuses span from TrustSec for segmentation, analyzing traffic flow with Cisco Secure Network Analytics/Stealthwatch for development of segmentation policies, implementing firewall and advanced malware protection, and securing critical building systems through policy and segmentation while maintaining availability. Patrick resides in Durham, North Carolina, where he teaches self-defense and is a student pilot when not consumed with technology.

Andrew McDonald is a Cisco network and security architect; he works in the Customer Experience, Security Advisory team for Cisco. He specializes in leading delivery teams creating network segmentation and Zero Trust designs and implementation plans. He has been with Cisco for more than 22 years, working as an escalation engineer, network consulting engineer, systems integration architect, and security architect. Andrew has worked with global customers in all industry verticals and at every level, from front-line support engineers to C-suite executives across multiple technical disciplines. Andrew has worked in the networking and communications industry for more than 40 years. In 1981, he started as a telecommunications technician for Digital Equipment Corporation, where he developed an entry level into a lifelong career.

Jason Frazier is a principal engineer with the Network Services group in Cisco IT. In his current role, Jason focuses on Zero Trust technologies, Cisco DNA, operational excellence, automation, and security. Jason

has deep knowledge of networking technologies, including programmability, enterprise network architecture, and identity. Jason joined Cisco in 1999. He is known throughout the company for his work ethic, passion, loyalty, and drive. Jason currently holds nine patents. For Cisco Live, he is a veteran speaker, hackathon coordinator, blogger, booth orchestrator, or anything called for. Jason is also the author of Cisco Press books.

Jason has been happily married to his wife, Christy, for 22 years. Their oldest son, Davis (16), is Jason's best friend. Jason is also wrapped around the finger of their daughter, Sidney (14). Most nonwork time is spent doing something with or for his kids. He likes to spend time on a bike, when possible. Jason and family like to travel when they can. As a computer engineering graduate of NC State University, Jason and his family enjoy Wolfpack sporting events as well.

Cindy Green-Ortiz 是思科的資深安全架構師、網路安全策略專家、架構師及企業家。她在思科的客戶體驗全球企業部門工作。她擁有CISSP、CISM、CSSLP、CRISC、PMP和CSM等多項認證，並擁有兩個學位——榮譽學士學位（BS-CIS Magna Cum Laude）和榮譽副學士學位（AS-CIS with Honors）。她在思科工作超過6年。Cindy在網路安全領域已有40年的經驗，曾擔任D-CIO、D-CISO及企業安全架構領導職位，並作為CEO創立了兩家科技公司。Cindy是思科主席俱樂部的獲獎者（Club Cisco）。她是思科的活躍部落客，並為思科和美國國土安全部發表過白皮書。她曾在許多場合演講，包括PMI國際資訊系統與技術研討會的網路安全主題演講、思科SecCon和思科Live。Cindy是夏洛特InfraGard的名譽會長，現任財務主管，並共同創辦了InfraGard CyberCamp。Cindy與她的丈夫Erick及兩位女兒住在北卡羅來納州的夏洛特。Cindy和她的家人喜歡旅行，探索世界。

Brandon Fowler 是思科客戶體驗專業服務的技術領導者。他擁有CCNP Security和ITIL v4基礎認證。Brandon於2018年加入思科，擁有超過12年的企業網路和安全領域經驗。在過去的8年中，他專注於身份、訪問管理和分段，並在零售和分銷、酒店和娛樂、金融服務及醫療保健等多個行業擁有專業知識。此外，他還幫助開發了思科目前的零信任服務產品。Brandon也幫助指導和建議思科內的其他員工，並喜歡接受挑戰和學習新技術。在個人時間，他喜歡修車、攝影和玩電子遊戲。

David Houck 是一位安全架構師、導師和倡導者。他自2011年以來一直在思科客戶體驗部門工作。David領導交付團隊在全球範圍內為金融、能源、零售、醫療保健和製造業組織實施解決方案，專注於識別和滿足技術及商業成果。他曾向客戶、合作夥伴和內部觀眾展示思科解決方案的價值和實施。自2005年以來，David一直在網路和安全領域工作，擁有服務提供商語音、基礎設施、ISP運營以及數據中心設計和運營的經驗，然後來到思科專注於安全解決方案和架構。他喜歡擔任導師，提供經驗和機會，讓他人茁壯成長。

Hank Hensel 是思科CX安全服務的資深安全架構師，為思科的美國和國際客戶提供安全諮詢、評估和設計顧問服務。Hank在IT系統、網路安全、設計和整合方面擔任領導職位超過30年（在思科工作7年）。Hank的專業領域包括安全和基礎設施、項目管理、災難恢復、業務連續性、風險分析和緩解、數據映射、數據分類以及網路安全基礎設施設計。Hank在多個行業中展示了他的專業知識和領導能力，包括國際銀行和金融、醫療保健、製藥、能源、可再生能源、石油和天然氣、客運和交通鐵路、製造、採礦、濕基礎設施、化學、核增殖、公共部門防禦、市政和州基礎設施以及執法。Hank在網路、安全和工業控制系統方面的專業知識和廣泛訓練使他能夠參與客戶運營、政策和實踐的幾乎所有領域。Hank擁有CCIE（#3577）、CISSP、GICSP和CMMC-RP等多項認證。Hank在所有客戶互動中實踐思科的核心價值觀，這直接促成了他在每個參與的項目中的持續成功。Hank的成功可歸因於這些價值觀及其在幾乎每個參與的項目中被認可為“值得信賴的顧問”。Hank的信任角色和深厚經驗超越了客戶關係，延伸至新服務產品的開發和思科團隊的支持。Hank是目前CX顧問分段服務產品的原始開發者，該服務已使用七年，並為新CX顧問零信任服務產品的開發做出了貢獻。最後，Hank目前正在為可再生能源部門建立諮詢服務產品。

Patrick Lloyd 是思科客戶體驗安全服務團隊的資深解決方案架構師。他專注於身份和訪問管理，包括分段、網路訪問控制、身份交換和身份整合，服務於美國東北部和加拿大地區。Patrick在思科的技術交付工作已有13年，曾在技術支援中心（TAC）工作，擔任路由和交換設計工程師、安全設計工程師和解決方案架構師。他的重點是指導客戶引入可見性和身份交換，以最小化商業風險和橫向攻擊向量。之前，Patrick在高等教育和國防行業擔任系統管理和運營角色。Patrick在將身份整合到醫療保健、製造、金融和國防等各行業方面擁有豐富的經驗。利用思科技術和本書中涵蓋的方法論來建立分層安全模型，Patrick為超過100個客戶設計了分段架構，包括智慧建築架構。Patrick的技術重點涵蓋從TrustSec進行分段、使用Cisco Secure Network Analytics/Stealthwatch分析流量以制定分段政策、實施防火牆和高級惡意軟體保護，以及通過政策和分段保護關鍵建築系統，同時保持可用性。Patrick居住在北卡羅來納州的達勒姆，當不忙於技術時，他會教授自衛術並是一名學生飛行員。

Andrew McDonald 是思科的網路和安全架構師；他在思科的客戶體驗安全顧問團隊工作。他專注於領導交付團隊創建網路分段和零信任設計及實施計劃。他在思科工作超過22年，曾擔任升級工程師、網路顧問工程師、系統整合架構師和安全架構師。Andrew與全球各行業的客戶合作，並在每個層級工作，從前線支援工程師到C-suite高管，涵蓋多個技術領域。Andrew在網路和通信行業工作超過40年。1981年，他作為數位設備公司的電信技術員開始了他的職業生涯，並在此發展出一條終身職業的入門路徑。

Jason Frazier 是思科IT網路服務組的首席工程師。在目前的角色中，Jason專注於零信任技術、思科DNA、運營卓越、自動化和安全。Jason對網路技術有深入的了解，包括可編程性、企業網路架構和身份。Jason於1999年加入思科。他因工作倫理、熱情、忠誠和進取心而在公司內部廣為人知。Jason目前擁有九項專利。作為思科Live的資深演講者、黑客馬拉松協調員、部落客、展位組織者或任何需要的角色，Jason都能勝任。Jason也是思科出版社書籍的作者。

Jason與妻子Christy幸福地結婚22年。他們的長子Davis（16歲）是Jason最好的朋友。Jason也深受女兒Sidney（14歲）的喜愛。大部分非工作時間都花在與孩子們一起做事情上。他喜歡在有可能的時候騎自行車。Jason和家人喜歡在有空時旅行。作為北卡羅來納州立大學的計算機工程畢業生，Jason和他的家人也喜歡參加Wolfpack的體育賽事。