Knowing how to implement and manage zero trust architecture and policies is now a top priority for cybersecurity teams. In the most recent ISC2 Cybersecurity Workforce Study, zero trust technology and architecture ranked near the top – only behind cybersecurity automation and AI advancements – as having “the greatest positive impact” on securing organizations.

To properly implement the zero trust model, cybersecurity professionals need a solid understanding of Policy Enforcement Points (PEP). As the gatekeepers for access requests to data, applications and networks, PEPs provide a critical line of defense against cyber risks.

PEPs include firewalls, security appliances, and access controls in web servers and enterprise and cloud environments. The critical role these controls play in deciding who or what devices access an organization’s data makes them a fundamental piece of any zero-trust implementation.

The zero trust model relies on a “Never trust, always verify” approach requiring verification of users and devices for every access request. PEPs base decisions to grant or deny access on an organization’s predefined security policies and interconnected network components. They make it possible to safeguard an organization’s data through centralized enforcement while maintaining a consistent approach to security policy management.

Valuable Cybersecurity Skills

Cybersecurity professionals need to develop and maintain a variety of skills to successfully fill their roles in defending their organizations against cyber risks. Currently, skills around managing PEPs in the context of zero trust enforcement are especially valuable.

Some 63% of organizations have implemented the model, according to Gartner. Zero trust implementation was among the Top 10 skills that non-hiring managers in the Cybersecurity Workforce Study cited as “most in demand for cybersecurity professionals looking to advance their careers.”

ISC2’s new Understanding Policy Enforcement Points Express Course teaches cybersecurity professionals about PEPs and how they function within a zero-trust environment. The on-demand, one-hour course covers a range of topics such as how PEPs execute access decisions in the context of an organization’s security policies and how they ensure secure, resilient deployments across various domains.

During the session, attendees earn 1 CPE credit and participate in activities involving real-world applications to gain a practical understanding of how PEPs function. Material covered includes an evaluation of policy-based access control strategies and security capabilities designed to optimize enforcement across domains such as identity, data and network protection.

The course also covers the differences in responsibilities across internal teams, vendors and service providers that use frameworks such as RACI (Responsible, Accountable, Consulted, and Informed) to clarify each stakeholder’s accountability. For more information about the Understanding Policy Enforcement Points Express Course, click here.