Appendix D
For Further Reading

Standards, Frameworks, and Other Resources

Center for Internet Security: The 18 CIS Critical Security Controls—www.cisecurity.org/controls/cis-controls-list

Cybersecurity & Infrastructure Security Agency: CISA Tabletop Exercise Packages—www.cisa.gov/cisa-tabletop-exercises-packages

Executive Order on Improving the Nation's Cybersecurity—www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity

NIST Special Publication 800-53 Revision 5: Security and Privacy Controls for Information Systems and Organizations—https://doi.org/10.6028/NIST.SP.800-53r5

NIST Special Publication 800-61 Revision 2: Computer Security Incident Handling Guide—https://doi.org/10.6028/NIST.SP.800-61r2

NIST Special Publication 800-84: Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities—https://doi.org/10.6028/NIST.SP.800-84

NIST Special Publication 800-171 Revision 2: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations—https://doi.org/10.6028/NIST.SP.800-171r2

NIST Special Publication 800-207: Zero Trust Architecture—https://doi.org/10.6028/NIST.SP.800-207

OWASP API Security Project—https://owasp.org/www-project-api-security

OWASP Top 10—https://owasp.org/Top10

Case Studies

Adobe's Case Study on Zero Trust—www.youtube.com/watch?v=IGFhMoRXTqg&t=7s

How Akamai Implemented a Zero Trust Security Model—www.akamai.com/us/en/multimedia/documents/case-study/how-akamai-implemented-a-zero-trust-security-model-without-a-vpn.pdf

LogRhythm's Journey to Zero Trust—www.youtube.com/watch?v=Fj4ifrMfD8w&feature=emb_logo

Google BeyondCorp Papers

An overview: “A New Approach to Enterprise Security”—https://research.google.com/pubs/pub43231.html

How Google did it: “Design to Deployment at Google”—https://research.google.com/pubs/pub44860.html

Google's front-end infrastructure: “The Access Proxy”—https://research.google.com/pubs/pub45728.html

Migrating to BeyondCorp: “Maintaining Productivity while Improving Security”—https://research.google.com/pubs/pub46134.html

The human element: “The User Experience”—https://research.google.com/pubs/pub46366.html

Secure your endpoints: “Building a Healthy Fleet”—https://ai.google/research/pubs/pub47356

Books

Cyber Warfare—Truth, Tactics, and Strategies. Dr. Chase Cunningham, Packt Publishing, 2020.

Zero Trust Networks. Evan Gilman, Doug Barth, O'Reilly Media, 2017.

Zero Trust Security: An Enterprise Guide. Jason Garbis, Jerry W. Chapman, Apress, 2021.

Hardening Guides

Best Practices for Securing Active Directory—https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/best-practices-for-securing-active-directory

Cisco Router Hardening Guide—www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html

Docker Hardening—https://docs.docker.com/engine/security

Kubernetes Hardening Guide—https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/0/CTR_Kubernetes_Hardening_Guidance_1.1_20220315.PDF

Microsoft Security Baselines—https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines

Securing Distribution Independent Linux—www.cisecurity.org/benchmark/distribution_independent_linux

VMware Security Hardening Guides—www.vmware.com/security/hardening-guides.html

Windows Server Security Documentation—https://docs.microsoft.com/en-us/windows-server/security/security-and-assurance
